CVE-2025-2104

Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication

Description

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site.

INFO

Published Date :

2025-03-13T04:21:04.607Z

Last Modified :

2026-04-08T16:44:21.399Z

Source :

Wordfence

AFFECTED PRODUCTS

The following products are affected by CVE-2025-2104 vulnerability.

Vendors	Products
Pagelayer	Pagelayer

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-2104.

URL	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3253356%40pagelayer&new=3253356%40pagelayer&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/2e3897fb-0f40-4111-8a7d-60415e1f9f96?source=cve

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact