WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Pagelayer safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Pagelayer WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: pagelayer
  • Requires PHP: 5.5+

Known vulnerabilities

  • CVE-2020-36383 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.3.5 (XSS) · Medium
  • CVE-2020-36384 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.3.5 (XSS) · Medium
  • CVE-2020-35944 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.1.2 (XSS) · High
  • CVE-2020-35947 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.1.2 (XSS) · High
  • Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.3.5
+ 30 more known vulnerabilities
  • Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.3.5
  • Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.7
  • Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.7
  • CVE-2023-4687 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.7 (XSS) · Medium
  • CVE-2023-5087 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.8 (XSS) · Medium
  • CVE-2023-49196 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.8 (Missing Authorization) · Medium
  • Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.8
  • CVE-2023-6738 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.9 (CWE-20) · Medium
  • Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.7
  • CVE-2023-5124 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.0 (XSS) · Medium
  • CVE-2024-1590 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.3 (XSS) · Medium
  • CVE-2023-7115 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.1 (XSS) · Medium
  • CVE-2024-2127 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.4 (XSS) · Medium
  • CVE-2024-2504 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.5 (XSS) · Medium
  • CVE-2024-30465 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.2 (Missing Authorization) · Medium
  • CVE-2024-43972 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.8 (XSS) · Medium
  • CVE-2025-24573 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.9.5 (XSS) · Medium
  • CVE-2025-1926 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.9.9 (CSRF) · Medium
  • CVE-2024-13430 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.9.9 (Improper Access Control) · Medium
  • CVE-2025-2104 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.0 (Missing Authorization) · Medium
  • Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.8 (XSS) · Medium
  • Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.9.0 (XSS) · Medium
  • CVE-2024-13427 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.1 (XSS) · Medium
  • CVE-2025-4223 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.1 (XSS) · Medium
  • CVE-2025-12366 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.6 (CWE-639) · Medium
  • CVE-2026-2442 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.8
  • CVE-2026-2509 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.9
  • CVE-2026-39469 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.9 · Medium
  • CVE-2026-3297 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.1.0 (XSS) · Medium
  • CVE-2026-2470 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.1.0 (Incorrect Authorization) · Medium

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.