CVE-2023-5087: CWE-79 Cross-Site Scripting (XSS) in Unknown Page Builder: Pagelayer
The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.
AI Analysis
Technical Summary
CVE-2023-5087 is a medium-severity vulnerability classified as CWE-79 (Cross-Site Scripting, XSS) affecting the WordPress plugin "Page Builder: Pagelayer" in versions prior to 1.7.8, specifically noted in version 1.3.2. The vulnerability arises because the plugin does not properly sanitize or restrict the insertion of JavaScript code within a post's header or footer sections by users with author-level privileges or higher. This means that any authenticated user with at least author rights can embed malicious JavaScript payloads that will execute in the context of users viewing the affected pages. The vulnerability requires user interaction (visiting the compromised page) and privileges at the author level or above, which is a moderate barrier to exploitation but still significant given that many WordPress sites grant author privileges to trusted contributors or editors. The vulnerability impacts confidentiality and integrity by allowing script injection that could lead to session hijacking, privilege escalation, or defacement, but does not directly affect availability. The scope is limited to WordPress sites using the vulnerable plugin versions, which are publicly available and popular for page building. No known exploits are currently reported in the wild, and no official patches or updates are linked yet, though the fixed version is 1.7.8 or later. The vulnerability is network exploitable (remote) but requires authentication and user interaction, with a CVSS v3.1 score of 5.4 (medium).
Potential Impact
For European organizations using WordPress sites with the Page Builder: Pagelayer plugin, this vulnerability poses a risk of targeted attacks where malicious insiders or compromised author accounts could inject harmful scripts. This can lead to theft of user credentials, session tokens, or the injection of further malware, potentially compromising sensitive customer or internal data. Organizations in sectors such as e-commerce, media, education, and government that rely on WordPress for public-facing websites could see reputational damage and loss of user trust if exploited. The vulnerability could also facilitate lateral movement within an organization's web infrastructure if attackers escalate privileges or pivot from compromised user sessions. While the direct impact on availability is low, the integrity and confidentiality risks could be significant, especially if combined with social engineering or phishing campaigns. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often weaponize such vulnerabilities once publicly disclosed.
Mitigation Recommendations
1. Immediately upgrade the Page Builder: Pagelayer plugin to version 1.7.8 or later where the vulnerability is fixed.
2. Restrict author-level privileges strictly to trusted users and review user roles to minimize the number of users who can add or edit post headers and footers.
3. Implement Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on WordPress sites.
4. Regularly audit posts and pages for unauthorized or suspicious JavaScript code, especially in header and footer sections.
5. Employ Web Application Firewalls (WAFs) with rules to detect and block XSS payloads targeting WordPress plugins.
6. Monitor user activity logs for unusual behavior from author or higher-privilege accounts.
7. Educate content authors and editors about the risks of inserting untrusted code and enforce strict content review processes.
8. Consider disabling the ability to add custom scripts in headers/footers if not essential for site functionality.
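One way to carry out the audit in recommendation 4, as an added example that is not part of the advisory or the plugin's code: it parses exported header/footer code and reports script elements, inline event handlers and `javascript:` URLs, ranking entries owned by roles that WordPress core does not grant `unfiltered_html`. The row layout, the `header`/`footer` field labels, the script-host allowlist and the sample rows are assumptions; the advisory does not say where the plugin stores this code.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_SCRIPT_HOSTS = {"www.googletagmanager.com"}  # assumed owner-approved hosts
LOW_TRUST_ROLES = {"author", "contributor"}  # core roles without unfiltered_html
URL_ATTRS = {"href", "src", "action", "formaction"}

class ActiveContentFinder(HTMLParser):
    """Records constructs in an HTML fragment that can execute JavaScript."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: value or "" for name, value in attrs}
        if tag == "script":
            host = urlparse(attrs.get("src", "")).hostname
            if "src" not in attrs:
                self.findings.append("inline-script")
            elif host not in ALLOWED_SCRIPT_HOSTS:
                self.findings.append(f"script-src:{host or 'same-origin'}")
        for name, value in attrs.items():
            # Browsers ignore tabs/newlines inside a URL scheme, so strip them first.
            compact = "".join(value.split()).lower()
            if name.startswith("on"):
                self.findings.append(f"event-handler:{tag}[{name}]")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"javascript-url:{tag}[{name}]")

def audit(rows):
    """rows: (post_id, owner_role, field, html). Returns one entry per flagged field."""
    report = []
    for post_id, role, field, html in rows:
        finder = ActiveContentFinder()
        finder.feed(html)
        finder.close()
        if finder.findings:
            priority = "high" if role in LOW_TRUST_ROLES else "review"
            report.append((post_id, field, priority, finder.findings))
    return report

# Constructed sample export; a real one would come from the site's database.
SAMPLE_ROWS = [
    (101, "administrator", "header", '<script src="https://www.googletagmanager.com/gtm.js"></script>'),
    (102, "author", "footer", '<script>console.log("placeholder")</script>'),
    (103, "author", "header", '<img src="logo.png" onerror="void 0">'),
    (104, "editor", "footer", '<a href="JavaScript:void(0)">x</a>'),
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

Entries marked `high` are the ones to check first on a site that ran a plugin version before 1.7.8, since those owners should not have been able to store script at all.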
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: WPScan
- Date Reserved: 2023-09-20T14:21:15.301Z
- CISA Enriched: true
Threat ID: 682d9847c4522896dcbf53cc
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/22/2025, 9:22:13 AM
Last updated: 7/25/2025, 11:31:09 AM