{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1926", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-04T11:41:41.756Z", "datePublished": "2025-03-10T04:21:10.711Z", "dateUpdated": "2026-04-08T16:53:15.983Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:53:15.983Z"}, "affected": [{"vendor": "softaculous", "product": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.9.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. This makes it possible for unauthenticated attackers to modify post contents via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/542b6312-b264-49d5-882a-454427c60c8a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/pagelayer/tags/1.9.8/init.php#L477"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Brian Sans-Souci"}], "timeline": [{"time": "2025-02-25T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-03-09T16:20:57.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T17:04:06.223686Z", "id": "CVE-2025-1926", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T17:04:32.142Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1926", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T17:04:06.223686Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T17:04:28.637Z"}}], "cna": {"title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification", "credits": [{"lang": "en", "type": "finder", "value": "Brian Sans-Souci"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "softaculous", "product": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.9.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-25T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-03-09T16:20:57.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/542b6312-b264-49d5-882a-454427c60c8a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/pagelayer/tags/1.9.8/init.php#L477"}], "descriptions": [{"lang": "en", "value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. This makes it possible for unauthenticated attackers to modify post contents via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:53:15.983Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1926", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:53:15.983Z", "dateReserved": "2025-03-04T11:41:41.756Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-10T04:21:10.711Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pagelayer:pagelayer:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2696A742-C453-457E-B9A9-48AE39D451F4", "versionEndExcluding": "1.9.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. This makes it possible for unauthenticated attackers to modify post contents via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento Page Builder: Pagelayer \u2013 Drag and Drop website builder para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.9.8 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n pagelayer_save_post. Esto permite que atacantes no autenticados modifiquen el contenido de las publicaciones a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-1926", "lastModified": "2025-05-26T02:32:26.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-03-10T05:15:35.347", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/pagelayer/tags/1.9.8/init.php#L477"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/542b6312-b264-49d5-882a-454427c60c8a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T22:01:56.714035+00:00", "value": {"mitigation_remediation": ["Update the Pagelayer plugin to version 1.9.9 or later where the CSRF protection has been added.", "Add or verify nonce checks around the pagelayer_save_post handler to ensure that only requests containing a valid, encrypted token are processed.", "Limit WordPress administrator access to trusted users, enforce strong passwords and two\u2011factor authentication, and educate staff about not clicking unknown links from external sources."], "summary": {"action": "Patch Upgrade", "impact": "Unauthenticated Content Modification via CSRF"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin from Softaculous, in any version up to and including 1.9.8. The vulnerability is present in all versions in that range and would affect all installations using those plugin releases.", "description_and_impact": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Cross\u2011Site Request Forgery because the pagelayer_save_post function does not perform proper nonce validation. This flaw allows an attacker who can trick a site administrator into clicking a crafted link or submitting a forged request to modify the contents of any post that the administrator can edit. The attacker does not need any credentials and can therefore inject or alter content remotely.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a low overall severity, and the EPSS score of less than 1% suggests a very low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. Attacks would typically involve a malicious link that forces a logged\u2011in administrator to submit a form, so the attack vector is user interaction with a forged request. While the risk is modest, an uncompromised administrator account grants the attacker the ability to tamper with site content."}}}}, "created": "2026-04-21T22:15:45.895557+00:00", "updated": "2026-04-21T22:15:45.895573+00:00", "vendors": []}