Vulnerabilities > Pagelayer

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-18	CVE-2024-43972	Cross-site Scripting vulnerability in Pagelayer Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS.This issue affects PageLayer: from n/a through 1.8.7. network low complexity pagelayer CWE-79	4.8
2024-06-09	CVE-2024-30465	Unspecified vulnerability in Pagelayer Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1. network low complexity pagelayer	8.8
2024-02-23	CVE-2024-1590	Cross-site Scripting vulnerability in Pagelayer The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity pagelayer CWE-79	5.4
2024-01-29	CVE-2023-5124	Cross-site Scripting vulnerability in Pagelayer The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations. network low complexity pagelayer CWE-79	4.8
2024-01-04	CVE-2023-6738	Cross-site Scripting vulnerability in Pagelayer The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity pagelayer CWE-79	5.4
2023-10-16	CVE-2023-4687	Unspecified vulnerability in Pagelayer The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. network low complexity pagelayer	6.1
2023-10-16	CVE-2023-5087	Unspecified vulnerability in Pagelayer The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. network low complexity pagelayer	5.4
2021-06-07	CVE-2020-36383	Cross-site Scripting vulnerability in Pagelayer PageLayer before 1.3.5 allows reflected XSS via the font-size parameter. network low complexity pagelayer CWE-79	6.1
2021-06-07	CVE-2020-36384	Cross-site Scripting vulnerability in Pagelayer PageLayer before 1.3.5 allows reflected XSS via color settings. network low complexity pagelayer CWE-79	6.1
2021-01-01	CVE-2020-35947	Cross-site Scripting vulnerability in Pagelayer An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. network low complexity pagelayer CWE-79	7.4

Vulnerabilities > Pagelayer {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pagelayer"}]}

Vulnerabilities > Pagelayer