{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2104", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-07T19:01:44.124Z", "datePublished": "2025-03-13T04:21:04.607Z", "dateUpdated": "2026-04-08T16:44:21.399Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:44:21.399Z"}, "affected": [{"vendor": "softaculous", "product": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.9.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site."}], "title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e3897fb-0f40-4111-8a7d-60415e1f9f96?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3253356%40pagelayer&new=3253356%40pagelayer&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Brian Sans-Souci"}], "timeline": [{"time": "2025-03-12T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-17T21:25:35.776071Z", "id": "CVE-2025-2104", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T21:29:08.562Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-17T21:25:35.776071Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T21:25:37.066Z"}}], "cna": {"title": "Page Builder: Pagelayer \u2013 Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication", "credits": [{"lang": "en", "type": "finder", "value": "Brian Sans-Souci"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "softaculous", "product": "Page Builder: Pagelayer \u2013 Drag and Drop website builder", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.9.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-12T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e3897fb-0f40-4111-8a7d-60415e1f9f96?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3253356%40pagelayer&new=3253356%40pagelayer&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-13T04:21:04.607Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2104", "state": "PUBLISHED", "dateUpdated": "2025-03-17T21:29:08.562Z", "dateReserved": "2025-03-07T19:01:44.124Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-13T04:21:04.607Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pagelayer:pagelayer:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "39B65811-2719-45F8-BDB0-481E6DE87B8B", "versionEndExcluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site."}, {"lang": "es", "value": "El complemento Page Builder: Pagelayer \u2013 Drag and Drop website builder para WordPress es vulnerable a la publicaci\u00f3n no autorizada de entradas debido a una validaci\u00f3n insuficiente de la funci\u00f3n pagelayer_save_content() en todas las versiones hasta la 1.9.8 incluida. Esto permite que atacantes autenticados, con acceso de Ccolaborador o superior, eludan la moderaci\u00f3n de entradas y publiquen entradas en el sitio."}], "id": "CVE-2025-2104", "lastModified": "2025-05-26T02:13:09.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-13T05:15:28.303", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3253356%40pagelayer&new=3253356%40pagelayer&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e3897fb-0f40-4111-8a7d-60415e1f9f96?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:50:23.100224+00:00", "value": {"mitigation_remediation": ["Upgrade the Page Builder: Pagelayer plugin to the latest available version (1.9.9 or later) where the authorization check has been corrected.", "If an upgrade is infeasible, modify WordPress user roles to remove publishing permissions from Contributors and any roles below Administrator.", "Consider disabling the pagelayer_save_content functionality or restricting access to it via role-based capabilities until a fix can be applied.", "Conduct a review of recently published posts to identify any entries that may have been posted via this vulnerability and revert or delete them as necessary."], "summary": {"action": "Patch", "impact": "Unauthorized Post Publication"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to all installations of the Pagelayer plugin for WordPress running version 1.9.8 or earlier. The plugin is distributed under the vendor Softaculous and is commonly found in WordPress environments that use the Drag and Drop website builder component.", "description_and_impact": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress contains an authorization flaw in the pagelayer_save_content() function, preventing proper access control checks on content submissions. Consequently, authenticated users with Contributor level or higher can bypass the moderation process and publish posts directly, thereby compromising content integrity and potentially allowing malicious or inappropriate material to appear on the site. This weakness is categorized as CWE-862, indicating insufficient authorization controls.", "risk_and_exploitability": "The CVSS score of 4.3 reflects a moderate severity, while the EPSS score of less than 1% indicates a low likelihood of widespread exploitation at present. The flaw is not listed in the CISA KEV catalog. Attackers would need legitimate access to the WordPress admin interface with Contributor or higher capabilities; no remote code execution or privilege escalation outside the WordPress application layer is required. Once authenticated, an attacker can send a payload to the pagelayer_save_content endpoint and cause the system to publish a post, effectively altering site content without permission."}}}}, "created": "2026-04-22T18:00:05.478240+00:00", "updated": "2026-04-22T18:00:05.478252+00:00", "vendors": []}