CVE-2024-8426

Name of the Vulnerable Software and Affected Versions: Page Builder: Pagelayer versions prior to 1.8.8

Description: The issue concerns the Page Builder: Pagelayer WordPress plugin, where versions prior to 1.8.8 do not properly sanitise and escape some of its settings. This could allow high privilege users, such as administrators, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed.

Recommendations: For versions prior to 1.8.8, update to version 1.8.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.