PageLayer WordPress Plugin Vulnerabilities Risked Over 200K Websites

Continuing with the trail of vulnerable plugins, now joins PageLayer. Researchers found some serious vulnerabilities in PageLayer WordPress plugin that posed a threat to more than 200,000 websites.

PageLayer Plugin Vulnerabilities

Reportedly, team Wordfence has come up with another interesting finding regarding a WordPress plugin. This time, they found a couple of vulnerabilities in the PageLayer WordPress plugin that threatened thousands of websites. They have shared the details in a recent blog post.

Briefly, they found two different vulnerabilities in the plugin.

The first of these is a high-severity bug with a CVSS score of 7.4. It existed because of the absence of permission checks on all AJAX endpoints in the plugin. Hence, a user with any level of access to the site could perform any actions. As stated in the post,

These AJAX endpoints only checked to see if a request was coming from /wp-admin through an authenticated session and did not check the capabilities of the user sending the request.

Even a subscriber-level user could gain access to the site and meddle with site contents. This includes deleting the content or injecting malicious content to the existing pages.

The second vulnerability, also a high-severity bug with a CVSS score of 8.8, existed due to the absence of CSRF protection. Hence an adversary could inject malicious scripts to the site pages, that would execute whenever someone would visit the page.

Patch Rolled Out

Upon discovering the vulnerabilities, Wordfence contacted the plugin developers who then worked on the fixes.

Consequently, they implemented permission checks on all functions linked with site changes and added nonces for separate public and admin access. Besides, they implemented CSRF protection addressing the second vulnerability.

The developers released both the fixes with Page Builder: PageLayer version 1.1.2. Since then, they have made further improvements as well. Hence the latest version now available is 1.1.4. Users should ensure upgrading to this plugin version at the earliest to receive all the updates.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients