VYPR
Unrated severityNVD Advisory· Published Jan 29, 2024· Updated May 22, 2025

PageLayer < 1.8.0 - Author+ Stored XSS

CVE-2023-5124

Description

The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.