Two reflected Cross-Site Scripting (XSS) vulnerabilities were found on the plugin PageLayer which is installed on over 200,000 sites. This is a critical issue as it could allow an attacker to take over a vulnerable WordPress site.

These vulnerabilities have been fully patched in version 1.3.5 and we strongly recommend all users update to the latest version.

For more information, please check the official public release.

If you have questions, don’t hesitate to contact our support team.

People that read this article also liked

Critical Vulnerabilities Found on PageLayer Page Builder Plugin Critical Security Flaw in outdated WooCommerce NAB Transact Plugin WordPress Websites Security Breach – Outbreak of Malicious File Attacks WordPress 5.7 “Esperanza” + WooCommerce 5.1 Released