CVE-2024-13427 – WordPress Pagelayer Stored Cross-Site Scripting

May 24, 2025

CVE ID : CVE-2024-13427

Published : May 24, 2025, 3:15 a.m. | 1 hour, 38 minutes ago

Description : The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 1.9.9 and completely fixed in version 2.0.1.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48752 – Apache Process-Sync Pthread Mutex Unlock Vulnerability

Next Article CVE-2025-48753 – “Anode SpinLock Data Race Vulnerability”

Highlights

CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

May 22, 2025

CVE ID : CVE-2025-48368

Published : May 22, 2025, 6:15 p.m. | 36 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim’s browser. This can lead to session hijacking, defacement, or redirection to malicious sites. The vulnerability can be triggered by injecting a crafted payload into a parameter that is later processed unsafely in the DOM. Versions 6.8.119 and 25.0.20 contain a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft nags more users with Windows 10 end of life banner, says get Windows 11

Microsoft nags more users with Windows 10 end of life banner, says get Windows 11

Hate Windows 11? Windows 10’s extended updates Enroll button is slowly rolling out, says Microsoft

Firefox Web App Support Available to Test (on Windows, At Least)

CVE-2024-13427 – WordPress Pagelayer Stored Cross-Site Scripting

CVE-2025-8208 – Spexo Addons for Elementor WordPress Stored Cross-Site Scripting

CVE-2025-9379 – “Belkin AX1800 Firmware Update Handler Remote Authentication Bypass”

CVE-2025-24522 – KUNBUS Revolution Pi Node-RED Remote Command Execution

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

8 Excellent Free Books to Learn Julia

CVE-2009-10006 – “UFO: Alien Invasion IRC Client Buffer Overflow”

CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

CVE-2025-46728 – cpp-httplib Chunked Request Body Overflow

CVE-2025-4151 – PHPGurukul Curfew e-Pass Management System SQL Injection Vulnerability

CVE-2025-38156 – Marvell MT7996 Null Pointer Dereference Vulnerability (WiFi)

CVE-2024-13427 – WordPress Pagelayer Stored Cross-Site Scripting

Related Posts