Two reflected Cross-Site Scripting (XSS) vulnerabilities were found on the plugin PageLayer which is installed on over 200,000 sites. This is a critical issue as it could allow an attacker to take over a vulnerable WordPress site.
These vulnerabilities have been fully patched in version 1.3.5 and we strongly recommend all users update to the latest version.
For more information, please check the official public release.
If you have questions, don’t hesitate to contact our support team.