PT-2021-11876 · WordPress · Pagelayer

Chloe Chamberland

Published

2021-01-01

Updated

2021-07-21

CVE-2020-35944

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PageLayer plugin versions prior to 1.1.2 for WordPress

Description: An issue in the PageLayer plugin allows for CSRF, which can lead to XSS. The pagelayer settings page function is vulnerable to this issue.

Recommendations: For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider disabling the pagelayer settings page function until a patch is available. Restrict access to the PageLayer plugin settings to minimize the risk of exploitation.

Exploit

Fix

XSS

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-352

Related Identifiers

CVE-2020-35944

Affected Products

Pagelayer

PT-2021-11876 · WordPress · Pagelayer

CVE-2020-35944

Weakness Enumeration

Related Identifiers

Affected Products

References · 5