PT-2025-11002 · WordPress · Pagelayer

Nirmal +1 · Published 2025-03-12 · Updated 2025-04-02 · CVE-2024-13430

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions up to, and including, 1.9.8

Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private posts they should not have access to due to insufficient restrictions on which posts can be included. This is possible via the pagelayer builder posts shortcode function.

Recommendations: For versions up to, and including, 1.9.8, update to a version that includes a fix for this issue to prevent information exposure. As a temporary workaround, consider restricting access to the pagelayer builder posts shortcode function until a patch is available.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers: CVE-2024-13430

Affected Products: Pagelayer