Pagelayer
Monthly
Softaculous PageLayer WordPress plugin through version 2.0.8 allows authenticated users to retrieve embedded sensitive data through exposure of information to an unauthorized control sphere. The vulnerability has a low CVSS score of 4.3 and an extremely low EPSS percentile of 5%, indicating minimal real-world exploitation probability despite requiring authenticated access. No active exploitation or public exploit code has been identified at time of analysis.
The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Softaculous PageLayer WordPress plugin through version 2.0.8 allows authenticated users to retrieve embedded sensitive data through exposure of information to an unauthorized control sphere. The vulnerability has a low CVSS score of 4.3 and an extremely low EPSS percentile of 5%, indicating minimal real-world exploitation probability despite requiring authenticated access. No active exploitation or public exploit code has been identified at time of analysis.
The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.