CVE-2025-1926

Name of the Vulnerable Software and Affected Versions Pagelayer versions prior to 1.9.9

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the pagelayer save post function. This allows unauthenticated attackers to modify post contents via a forged request if they can trick a site administrator into performing a specific action.

Recommendations For versions prior to 1.9.9, update to version 1.9.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the pagelayer save post function until a patch is available.