Reflected XSS in PageLayer Affects WordPress Sites
CVE-2020-36384

6.1MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
7 June 2021

What is CVE-2020-36384?

The PageLayer plugin prior to version 1.3.5 contains a reflected Cross-Site Scripting (XSS) vulnerability that can be exploited through color settings. This vulnerability allows attackers to inject malicious scripts, potentially affecting over 200,000 WordPress sites. If exploited, it could lead to unauthorized actions on behalf of users or compromise sensitive information.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.