Primary

Context

Page Builder: Pagelayer Information Exposure Vulnerability in WordPress Plugin

Vulnerability

Patched

A vulnerability allowing information exposure has been identified in the Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress. This issue affects all versions through 1.9.8. The vulnerability arises in the 'pagelayer_builder_posts_shortcode' function, where inadequate restrictions allow authenticated attackers with Contributor-level access and above to access and extract data from private posts that should remain confidential.

Impact

Exploitation of this vulnerability could lead to unauthorized access to private post data, allowing attackers to view information they are not entitled to.

Remediation

Users are advised to update the plugin to version 1.9.9 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Page Builder: Pagelayer Information Exposure Vulnerability in WordPress Plugin

Vulnerability

Impact

Remediation

Affected Products

Page Builder: Pagelayer

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating