PageLayer is a WordPress plugin used by over 200,000 users according to the installation numbers on WordPress plugins entry. Recently, Severe security vulnerabilities have been found in the plugin that can allow the attackers to wipe the content of the plugin user or can help the intruder to take over the site.
Plugin is famous because it helps users with no developer skills to build web pages using drag and drop editor.
Total 2 security vulnerabilities were found, which were reported to the Pagelayer’s developer by Wordfence Threat Intelligence on April 30 and patched on may 6 with the release of version 1.1.2 .
Wordfence said, One flaw can allow any subscribed user and above to update and modify posts with malicious contents, While second flaw allows attackers modify settings of plugin opening doors to Javascript injection.
for more information: https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/