Volerion logoVolerion
Volerion logoVolerion

Page Builder: Pagelayer Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Page Builder: Pagelayer WordPress plugin, specifically in versions through 2.0.0. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary scripts into pages. These scripts would execute only if a user is tricked into clicking a link. Exploitation requires a valid username and password, with the injected scripts running in the context of the authenticated user.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject scripts that are executed in the context of the user.

Reproduction

To reproduce this vulnerability, send a request to the WordPress site with the 'login_url' parameter, including a script payload. Ensure that the request is made by a user with a valid username and password, as the injected script will only execute in the context of an authenticated user.

Remediation

Users are advised to update the Page Builder: Pagelayer plugin to version 2.0.1 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
1.7
exploitability
7.6
remediation
7.7
relevance
0.0
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.