VYPR

Goodlayers Core

by WordPress

CVEs (4)

  • CVE-2025-59580HigOct 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation.This issue affects Goodlayers Core: from n/a through < 2.1.7.

  • CVE-2024-11200MedDec 3, 2024
    risk 0.40cvss 6.1epss 0.00

    The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2024-12163Jan 30, 2025
    risk 0.00cvss epss 0.00

    The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.

  • CVE-2024-11357Jan 2, 2025
    risk 0.00cvss epss 0.00

    The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.