CVE-2024-2127 in Page Builder Plugin
Summary
by MITRE • 03/07/2024
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/12/2026
The vulnerability identified as CVE-2024-2127 affects the Pagelayer WordPress plugin, a drag-and-drop website builder that has been widely adopted for creating dynamic web content. This plugin serves as a critical component in WordPress ecosystems, enabling users to construct pages through visual interface interactions rather than direct code editing. The affected versions range from the initial release through 1.8.3, representing a substantial user base that could potentially be exposed to this security flaw. The vulnerability specifically targets the plugin's handling of custom attributes within its page building interface, creating a persistent security risk that can be exploited by attackers with relatively low privileges.
The technical flaw manifests through inadequate input sanitization and output escaping mechanisms within the plugin's codebase. When administrators or contributors add custom attributes to page elements, the plugin fails to properly validate or escape these inputs before storing them in the database. This insufficient sanitization creates a stored cross-site scripting vulnerability where malicious scripts can be permanently embedded within the page content. The vulnerability is particularly concerning because it operates at the privilege level of contributors, which typically includes users who can create and edit posts, pages, and media files. This means that even users with limited administrative rights can potentially compromise the entire WordPress installation through this vector.
The operational impact of this vulnerability extends beyond simple script injection, as it can enable attackers to execute arbitrary web scripts in the context of any user who accesses pages containing the malicious content. This creates a persistent threat that can affect all users who view affected pages, regardless of their authentication status. Attackers could leverage this vulnerability to steal user sessions, perform unauthorized actions on behalf of legitimate users, or redirect visitors to malicious websites. The stored nature of the vulnerability means that the malicious code remains active until manually removed, potentially providing attackers with extended periods of access to compromised systems. This vulnerability directly aligns with CWE-79, which describes Cross-Site Scripting flaws, and represents a clear violation of secure coding practices that should prevent untrusted data from being executed as code.
The threat landscape for this vulnerability is particularly concerning given the widespread adoption of the Pagelayer plugin across WordPress installations. Attackers with contributor-level access could exploit this weakness to establish persistent footholds within WordPress environments, potentially leading to full system compromise. The vulnerability's exploitation requires minimal technical skill and can be automated, making it attractive to threat actors seeking to maximize their impact with minimal effort. Organizations should consider implementing additional security measures such as privileged user access controls, regular security audits, and monitoring for unusual activity patterns that might indicate exploitation attempts. Mitigation strategies should include immediate plugin updates to versions that address the vulnerability, along with comprehensive security reviews of all custom attributes and user permissions within WordPress installations. This vulnerability also highlights the importance of proper input validation and output escaping as fundamental security practices that should be implemented across all web applications to prevent similar issues from occurring in other components of the system.