CVE Details
Basic Information
| Title |
CVE-2024-13427 |
| Type |
cve |
| Published |
2025-05-24T03:15:23 |
| Last Seen |
2025-05-24T03:20:49 |
CVSS Information
| Base Score |
6.4 (MEDIUM) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
LOW |
| User Interaction |
NONE |
| Scope |
CHANGED |
| Confidentiality Impact |
LOW |
| Integrity Impact |
LOW |
| Availability Impact |
NONE |
AI Analysis
| AI Description |
The Page Builder: Pagelayer plugin for WordPress is vulnerable to stored cross-site scripting (XSS) via the Button widget. This vulnerability allows authenticated attackers with contributor-level permissions or higher to inject malicious scripts into web pages, which can be executed when other users view the affected pages. The vulnerability affects all versions up to and including 2.0.0. |
| AI Severity |
Medium |
| Vendor |
Pagelayer |
| Product |
Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress |
| Affected Version |
<= 2.0.0 |
Additional Information
| CVE List |
CVE-2024-13427 |
| CWE List |
CWE-79 |
| Bulletin Family |
cve |
Description
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)
View Full CVE Details
