CVE-2024-13430

Medium CVSS: 4.3

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.

Vendor

Pagelayer

Product

Pagelayer

CWE

CWE-284

Yayın Tarihi

2025-03-12 09:15:10

Güncelleme

2025-04-02 12:40:18

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-284 Pagelayer MEDIUM Pagelayer 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3252081/pagelayer https://www.wordfence.com/threat-intel/vulnerabilities/id/1de8da4c-dee7-4d59-a475-a969008aa0d4?source=cve

Benzer Kayıtlar

Medium

CVE-2024-8618

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which coul…

Medium

CVE-2024-8426

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which coul…

Medium

CVE-2025-2104

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publ…

Medium

CVE-2025-1926

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request For…