Reflected XSS in PageLayer Affects WordPress Sites
CVE-2020-36384
6.1MEDIUM
What is CVE-2020-36384?
The PageLayer plugin prior to version 1.3.5 contains a reflected Cross-Site Scripting (XSS) vulnerability that can be exploited through color settings. This vulnerability allows attackers to inject malicious scripts, potentially affecting over 200,000 WordPress sites. If exploited, it could lead to unauthorized actions on behalf of users or compromise sensitive information.