Pagelayer < 1.3.5 – Multiple Reflected Cross-Site Scripting (XSS)

Affects Plugins

pagelayer

Fixed in 1.3.5

References

URL

https://www.wordfence.com/blog/2020/12/reflected-xss-in-pagelayer-plugin-affects-over-200000-wordpress-sites/

URL

https://plugins.trac.wordpress.org/changeset/2415325/pagelayer

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Ram Gall (Wordfence)

Verified

No

WPVDB ID

8d500d20-4ac0-48b1-8529-3f07aadb1288

Timeline

Publicly Published

2020-12-10 (about 2 years ago)

Added

2020-12-10 (about 2 years ago)

Last Updated

2020-12-11 (about 2 years ago)

Other

Published

Title

Published

2019-12-13

Title

WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content

Published

2023-07-18

Title

ARMember (free and premium) - Admin+ Stored Cross-Site Scripting

Published

2014-08-01

Title

Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS

Published

2014-08-01

Title

A Forms 1.4.0 - a-forms.php a_form_page Function Multiple Parameter XSS

Published

2017-06-29

Title

Postman SMTP Mailer/Email Log - Cross-Site Scripting (XSS)