Softaculous Page Builder: Pagelayer – Drag And Drop Website Builder
12 CVEs affecting Softaculous Page Builder: Pagelayer – Drag And Drop Website Builder. Latest disclosed: 2026-04-08. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2509 | Medium | 6.4 | 2026-04-08 | The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions u… |
CVE-2024-13427 | Medium | 6.4 | 2025-05-24 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in… |
CVE-2024-2504 | Medium | 6.4 | 2024-04-09 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all v… |
CVE-2024-2127 | Medium | 6.4 | 2024-03-07 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all vers… |
CVE-2023-6738 | Medium | 5.4 | 2024-01-04 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code'… |
CVE-2026-2442 | Medium | 5.3 | 2026-03-28 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection')… |
CVE-2025-4223 | Medium | 4.7 | 2025-05-24 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter… |
CVE-2024-1590 | Medium | 4.6 | 2024-02-23 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in… |
CVE-2025-12366 | Medium | 4.3 | 2025-11-13 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and i… |
CVE-2025-2104 | Medium | 4.3 | 2025-03-13 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation… |
CVE-2024-13430 | Medium | 4.3 | 2025-03-12 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1… |
CVE-2025-1926 | Medium | 4.3 | 2025-03-10 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includi… |