PageLayer
Softaculous
Developer
2.1.0
Latest version
400,000
Installations
No date
Last updated
Vulnerability history
0 present
26 patched
6 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes vulnerability<= 2.0.809/04/2026
- Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' vulnerability<= 2.0.728/03/2026
- Sensitive Data Exposure vulnerability<= 2.0.812/03/2026
- Admin+ Stored XSS vulnerability< 1.8.831/12/2025
- Authenticated (Author+) Insecure Direct Object Reference vulnerability<= 2.0.512/11/2025
- Reflected Cross-Site Scripting via login_url Parameter vulnerability<= 2.0.023/05/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link vulnerability<= 2.0.023/05/2025
- Admin+ Stored XSS vulnerability< 1.9.019/05/2025
- Missing Authorization to Authenticated (Contributor+) Post Publication vulnerability<= 1.9.812/03/2025
- Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode vulnerability<= 1.9.811/03/2025
- Cross-Site Request Forgery (CSRF) To Post Contents Modification vulnerability<= 1.9.810/03/2025
- Cross Site Scripting (XSS) vulnerability<= 1.9.424/01/2025
- Cross Site Scripting (XSS) vulnerability<= 1.8.728/08/2024
- Broken Access Control vulnerability<= 1.8.128/03/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes vulnerability<= 1.8.422/03/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability<= 1.8.307/03/2024
- Admin+ Stored XSS vulnerability< 1.8.127/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Button vulnerability<= 1.8.223/02/2024
- Author+ Stored XSS vulnerability<= 1.7.931/01/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via meta fields vulnerability<= 1.7.831/01/2024
- Broken Access Control vulnerability<= 1.7.701/12/2023
- Author+ Stored XSS vulnerability< 1.7.817/10/2023
- Unauthenticated Stored XSS vulnerability< 1.7.717/10/2023
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability< 1.7.714/09/2023
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.3.410/12/2020
- Unprotected AJAX and Nonce Disclosure to Stored Cross-Site Scripting (XSS)<= 1.1.128/05/2020