Multiple Vulnerability Discovered in PageLayer Plugin < 1.1.2
https://www.wordfence.comPageLayer WordPress plugin has 200,000+ active installations, it’s a popular WordPress page builder plugin. In versions prior to 1.1.2 there re multiple vulnerabilities that allow attackers forge a request on behalf of a site’s administrator to modify the settings of the plugin which could allow for malicious Javascript injection, another vulnerability allows attackers with subscriber-level and above permissions the ability to update and modify posts with malicious content, amongst many other things.
The issue has been fixed in Version 1.1.4 which is available now from the WordPress Plugin Repo.