CVE-2024-13427 – WordPress Pagelayer Stored Cross-Site Scripting

May 24, 2025

CVE ID : CVE-2024-13427

Published : May 24, 2025, 3:15 a.m. | 1 hour, 38 minutes ago

Description : The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 1.9.9 and completely fixed in version 2.0.1.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48752 – Apache Process-Sync Pthread Mutex Unlock Vulnerability

Next Article CVE-2025-48753 – “Anode SpinLock Data Race Vulnerability”

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2024-13427 – WordPress Pagelayer Stored Cross-Site Scripting

CVE-2025-47631 – Mojoomla Hospital Management System Privilege Escalation Vulnerability

CVE-2025-47637 – STAGGS Web Server Unrestricted File Upload RCE

gplaces is a simple terminal Gemini client

Building Rich Text Editors with React – Tiptap UI Components

The Pillow

Meeting European Accessibility Act (EAA) Standards: A Developer’s Checklist

Lightsonic raises €3.3M Seed to scale fiber optic sensing for infrastructure

NVIDIA’s “most powerful” RTX 50-Series laptops fail to impress — Here’s what I suggest before buying

Debian sostiene End of 10: un futuro libero oltre Windows 10

Monster Hunter Wilds celebrates 10 million copies sold as Capcom fully admits it made the game too easy — Plans to increase challenges in the coming months

CVE-2024-13427 – WordPress Pagelayer Stored Cross-Site Scripting

Related Posts