cleantalk
Vulnerabilities and Security Researches

Page Builder: Pagelayer – Drag and Drop website builder, CVE-2025-2104

CVE, Research URL

CVE-2025-2104

Home page URL

Security reports for Page Builder: Pagelayer – Drag and Drop website builder

Application

Page Builder: Pagelayer – Drag and Drop website builder

Published on
Mar 13, 2025
Research Description
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site.
Affected versions
Min -, max 2.0.0.
Status
vulnerable
Previous vulnerability researches
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-24573) , Jan 26, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-2104) , Mar 14, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13430) , Mar 12, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2020-36384) , Jun 07, 2024
New vulnerability
Arrow Maps – Custom Maps for WordPress (CVE-2025-28858) , Mar 28, 2025
MediaView (CVE-2025-2481) , Mar 28, 2025
Clearout Email Validator – Real Time Email Validation on WordPress Forms (CVE-2025-30789) , Mar 28, 2025
Order Status Rules for WooCommerce (CVE-2025-30781) , Mar 28, 2025
Product Catalog – Catalog for WordPress (CVE-2025-30524) , Mar 28, 2025