Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Page Builder: Pagelayer – Drag and Drop website builder — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in Page Builder: Pagelayer – Drag and Drop website builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: softaculous

CVE IDTitleCVSSSeverityPublished
CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes CWE-79 6.4 Medium2026-04-08
CVE-2026-2442 Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' CWE-93 5.3 Medium2026-03-28
CVE-2025-12366 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference CWE-639 4.3 Medium2025-11-13
CVE-2025-4223 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter CWE-79 4.7 Medium2025-05-24
CVE-2024-13427 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link CWE-79 6.4 Medium2025-05-24
CVE-2025-2104 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication CWE-862 4.3 Medium2025-03-13
CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode CWE-284 4.3 Medium2025-03-12
CVE-2025-1926 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification CWE-352 4.3 Medium2025-03-10
CVE-2024-2504 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes CWE-79 6.4 Medium2024-04-09
CVE-2024-2127 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes CWE-79 6.4 Medium2024-03-07
CVE-2024-1590 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button CWE-79 4.6 Medium2024-02-23
CVE-2023-6738 PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields CWE-20 5.4 Medium2024-01-04

All 12 known CVE vulnerabilities affecting Page Builder: Pagelayer – Drag and Drop website builder with full Chinese analysis, references, and POCs where available.