Several vulnerabilities were previously discoverd on the plugin Page Builder: PageLayer – Drag and Drop website builder, a WordPress plugin actively installed on over 200,000 websites. This marks another Page Builder plugin with vulnerabilities found in the last few months.
One flaw allows any subscriber-level and above user the ability to update/modify posts with malicious content, while another flaw allows attackers to forge malicious requests on behalf of a site’s administrator to modify the settings of the plugin. These are considered critical security issues with severe potential implications.
For websites at risk, it is recommended to run a server-side scan to monitor the filesystem for changes so that presence of any malware can be detected.
Beyond that, it is recommended to update your themes and plugins to their latest versions and ensure that your host is using the latest stable version of PHP. The latest version (1.1.4) of the Pagelayer plugin has already been patched for these issues.
For more information please check the official public release.
If you have questions, don’t hesitate to contact our support team.