| CVE编号 | CVE-2025-1926 |
|---|---|
| 发布日期 | 2025-03-10T04:21:10.711Z |
| 更新日期 | 2025-03-10T17:04:32.142Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | softaculous |
| 受影响的产品 | Page Builder: Pagelayer – Drag and Drop website builder |
| 描述 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. This makes it possible for unauthenticated attackers to modify post contents via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
参考链接:
