cleantalk
Vulnerabilities and Security Researches

Page Builder: Pagelayer – Drag and Drop website builder, CVE-2024-8618

CVE, Research URL

CVE-2024-8618

Home page URL

Security reports for Page Builder: Pagelayer – Drag and Drop website builder

Application

Page Builder: Pagelayer – Drag and Drop website builder

Published on
May 16, 2025
Research Description
The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 1.9.0.
Status
vulnerable
Previous vulnerability researches
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2024-3590) , Jun 07, 2024
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2023-27415) , Jun 07, 2024
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2024-34568) , Jun 07, 2024
New vulnerability
ImageMagick Engine (CVE-2024-6486) , May 19, 2025
AI ChatBot (CVE-2025-0329) , May 19, 2025
Auto Affiliate Links (CVE-2024-9838) , May 19, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-2203) , May 19, 2025
Team – WordPress Team Members Showcase Plugin (CVE-2024-9236) , May 19, 2025