Pagelayer

Pagelayer

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-8618

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:59
  • Zuletzt bearbeitet 27.05.2025 19:51:55

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability...

4.8

CVE-2024-8426

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:58
  • Zuletzt bearbeitet 27.05.2025 19:52:11

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.3

CVE-2025-2104

  • EPSS 0.1%
  • Veröffentlicht 13.03.2025 05:15:28
  • Zuletzt bearbeitet 26.05.2025 02:13:09

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This ...

4.3

CVE-2024-13430

  • EPSS 0.1%
  • Veröffentlicht 12.03.2025 08:21:37
  • Zuletzt bearbeitet 02.04.2025 12:40:18

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions o...

4.3

CVE-2025-1926

  • EPSS 0.02%
  • Veröffentlicht 10.03.2025 04:21:10
  • Zuletzt bearbeitet 26.05.2025 02:32:26

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post ...

6.5

CVE-2025-24573

  • EPSS 0.35%
  • Veröffentlicht 24.01.2025 18:15:34
  • Zuletzt bearbeitet 24.01.2025 18:15:34

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows DOM-Based XSS. This issue affects PageLayer: from n/a through 1.9.4.

4.3

CVE-2023-49196

  • EPSS 0.17%
  • Veröffentlicht 09.12.2024 13:15:35
  • Zuletzt bearbeitet 09.12.2024 13:15:35

Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.

4.8

CVE-2024-43972

  • EPSS 0.16%
  • Veröffentlicht 18.09.2024 00:15:07
  • Zuletzt bearbeitet 25.09.2024 14:16:18

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS.This issue affects PageLayer: from n/a through 1.8.7.

8.8

CVE-2024-30465

  • EPSS 0.3%
  • Veröffentlicht 09.06.2024 11:15:50
  • Zuletzt bearbeitet 21.11.2024 09:11:58

Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1.

5.4

CVE-2024-2504

  • EPSS 0.23%
  • Veröffentlicht 09.04.2024 19:15:34
  • Zuletzt bearbeitet 13.02.2025 19:39:54

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escap...