Security flaws found in popular WordPress PageLayer plugin can exploit up to 100k+ websites
Pagelayer is a WordPress page builder plugin. It’s very easy to use and very light on the browser. Pagelayer works with any WordPress theme. Pagelayer is a real-time editor and you can create beautiful web pages and web sites in a few minutes! You don’t need any programming knowledge when using Pagelayer. Pagelayer comes with top-notch features with a great UX and simple UI.
Researches have found two major security flaws in the Pagelayer plugin that could potentially allow attackers to wipe the contents or take over WordPress sites using vulnerable plugin versions. One vulnerability could allow an authenticated user with subscriber-level and above permissions to update and modify posts.
One flaw allowed any authenticated user with subscriber-level and above permissions, the ability to update and modify posts with malicious content, amongst many other things
said the researchers
The researchers reported the vulnerabilities to PageLayer’s developer on April 30 and were patched with the release of version 1.1.2 on May 6. The developers warn their users to update the plugin version as soon as possible.
Well, the company is yet to release the official statement of the users that got affected by the vulnerabilities. For more updates on cybersecurity and tech news subscribe to our newsletter from here