PT-2025-11143 · Pagelayer · Pagelayer
Brian Sans-Souci
+1
·
Published
2025-03-13
·
Updated
2025-05-26
·
CVE-2025-2104
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
The Page Builder: Pagelayer versions up to, and including, 1.9.8
Description:
The issue is related to insufficient validation on the
pagelayer save content() function, allowing authenticated attackers with Contributor-level access and above to bypass post moderation and publish posts to the site.Recommendations:
For versions up to, and including, 1.9.8, update to a version that includes a fix for the insufficient validation in the
pagelayer save content() function.
As a temporary workaround, consider restricting access to the pagelayer save content() function to prevent unauthorized post publication.Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pagelayer