PageLayer, a fairly popular WordPress plug-in, has two critical vulnerabilities. These could allow remote hackers to wipe or modify the contents of your site and even inject malicious scripts for other exploits. Wordfence, which discovered the flaws, informed the plug-in's developers, and a patch update was made available on May 6th. Yet more than 100k sites are still at risk.
Can Wipe out Everything!
Wordfence discovered a similar threat in Google's plug-in earlier this month. Now it is back with findings in another plug-in, PageLayer, a drag-and-drop page builder used by over 200,000 users. Older versions of PageLayer have two critical flaws that can be exploited to alter a site's contents and settings, and even to take over the site entirely.
Updating to the latest version is the only solution. Site administrators are advised to update the plug-in from their dashboards or by downloading the new version, 1.1.2, directly from the PageLayer site.
This version was released on May 6th, and more than 85,000 sites have updated to it. Yet there are still 100,000 sites with this flaw unpatched, and they may be compromised if attackers are interested.
Update here: PageLayer v1.1.2