cleantalk
Vulnerabilities and Security Researches

Page Builder: Pagelayer – Drag and Drop website builder, CVE-2023-7115

CVE, Research URL

CVE-2023-7115

Home page URL

Security reports for Page Builder: Pagelayer – Drag and Drop website builder

Application

Page Builder: Pagelayer – Drag and Drop website builder

Published on
Feb 27, 2024
Research Description
The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
Min -, max 1.8.1.
Status
vulnerable
Previous vulnerability researches
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-24573) , Jan 26, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-2104) , Mar 14, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13430) , Mar 12, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2020-36384) , Jun 07, 2024
New vulnerability
SecuPress Free — WordPress Security (CVE-2025-3452) , Apr 30, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-2893) , Apr 30, 2025
My Tickets (CVE-2025-3761) , Apr 29, 2025
Mang Board WP (CVE-2025-3435) , Apr 29, 2025
Church Admin (CVE-2025-39553) , Apr 29, 2025