CVE Details
Basic Information
| Title |
CVE-2025-4223 |
| Type |
cve |
| Published |
2025-05-24T05:15:21 |
| Last Seen |
2025-05-24T05:21:09 |
CVSS Information
| Base Score |
4.7 (MEDIUM) |
| Attack Vector |
NETWORK |
| Attack Complexity |
HIGH |
| Privileges Required |
NONE |
| User Interaction |
REQUIRED |
| Scope |
CHANGED |
| Confidentiality Impact |
LOW |
| Integrity Impact |
LOW |
| Availability Impact |
NONE |
AI Analysis
| AI Description |
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the ‘login_url’ parameter in versions up to and including 2.0.0. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data theft. |
| AI Severity |
Medium |
| Vendor |
Pagelayer |
| Product |
Page Builder: Pagelayer β Drag and Drop website builder plugin for WordPress |
| Affected Version |
<= 2.0.0 |
Additional Information
| CVE List |
CVE-2025-4223 |
| CWE List |
CWE-79 |
| Bulletin Family |
cve |
Description
The Page Builder: Pagelayer β Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βlogin_urlβ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)
View Full CVE Details
