Vulnerabilities > Pagelayer > Pagelayer > 1.8.5

DATE CVE VULNERABILITY TITLE RISK
2025-03-12 CVE-2024-13430 Improper Access Control vulnerability in Pagelayer
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included.
network
low complexity
pagelayer CWE-284
4.3
2024-09-18 CVE-2024-43972 Cross-site Scripting vulnerability in Pagelayer
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS.This issue affects PageLayer: from n/a through 1.8.7.
network
low complexity
pagelayer CWE-79
4.8