PLUGIN SECURITY
Is Pagelayer safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Pagelayer WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
pagelayer - Requires PHP: 5.5+
Known vulnerabilities
- CVE-2020-36383 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.3.5 (XSS) · Medium
- CVE-2020-36384 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.3.5 (XSS) · Medium
- CVE-2020-35944 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.1.2 (XSS) · High
- CVE-2020-35947 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.1.2 (XSS) · High
- Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.3.5
+ 30 more known vulnerabilities
- Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.3.5
- Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.7
- Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.7
- CVE-2023-4687 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.7 (XSS) · Medium
- CVE-2023-5087 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.8 (XSS) · Medium
- CVE-2023-49196 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.8 (Missing Authorization) · Medium
- Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.8
- CVE-2023-6738 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.9 (CWE-20) · Medium
- Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.7.7
- CVE-2023-5124 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.0 (XSS) · Medium
- CVE-2024-1590 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.3 (XSS) · Medium
- CVE-2023-7115 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.1 (XSS) · Medium
- CVE-2024-2127 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.4 (XSS) · Medium
- CVE-2024-2504 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.5 (XSS) · Medium
- CVE-2024-30465 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.2 (Missing Authorization) · Medium
- CVE-2024-43972 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.8 (XSS) · Medium
- CVE-2025-24573 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.9.5 (XSS) · Medium
- CVE-2025-1926 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.9.9 (CSRF) · Medium
- CVE-2024-13430 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.9.9 (Improper Access Control) · Medium
- CVE-2025-2104 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.0 (Missing Authorization) · Medium
- Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.8.8 (XSS) · Medium
- Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 1.9.0 (XSS) · Medium
- CVE-2024-13427 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.1 (XSS) · Medium
- CVE-2025-4223 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.1 (XSS) · Medium
- CVE-2025-12366 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.6 (CWE-639) · Medium
- CVE-2026-2442 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.8
- CVE-2026-2509 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.9
- CVE-2026-39469 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.0.9 · Medium
- CVE-2026-3297 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.1.0 (XSS) · Medium
- CVE-2026-2470 — Page Builder: Pagelayer – Drag and Drop website builder [pagelayer] < 2.1.0 (Incorrect Authorization) · Medium
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Elementor Website Builder – more than just a page builder — 10000000+ active installs — max PHP 8.4
- Classic Editor — 9000000+ active installs — max PHP 8.4
- Classic Widgets — 2000000+ active installs — max PHP 8.4
- Advanced Editor Tools — 1000000+ active installs — max PHP 8.4
- Spectra Legacy – Gutenberg Blocks — 1000000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.