
CVE-2024-13427: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in softaculous Page Builder: Pagelayer – Drag and Drop website builder

Severity: Medium
Tags: Vulnerability, CVE-2024-13427, CWE-79
Published: Sat May 24 2025 (05/24/2025, 01:41:10 UTC)
Source: CVE
Vendor/Project: softaculous
Product: Page Builder: Pagelayer – Drag and Drop website builder

Description

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 1.9.9 and completely fixed in version 2.0.1.

AI-Powered Analysis

Last updated: 07/08/2025, 20:40:17 UTC

Technical Analysis

CVE-2024-13427 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin "Page Builder: Pagelayer – Drag and Drop website builder" developed by Softaculous. This vulnerability exists in all versions up to and including 2.0.0 due to improper neutralization of input during web page generation, specifically within the plugin's Button widget. The root cause is insufficient input sanitization and output escaping of user-supplied attributes, allowing authenticated users with contributor-level permissions or higher to inject arbitrary JavaScript code into pages. When other users visit these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the context of the victim's session. The vulnerability was partially addressed in version 1.9.9 and fully remediated in version 2.0.1. The CVSS v3.1 base score is 6.4 (medium severity), reflecting that exploitation requires network access, low attack complexity, privileges at the contributor level, no user interaction, and impacts confidentiality and integrity with a scope change. No known exploits are reported in the wild as of the publication date. This vulnerability highlights the risks of insufficient input validation in web applications, especially in widely used CMS plugins that allow user-generated content and dynamic page building.

Potential Impact

For European organizations using WordPress websites with the vulnerable Pagelayer plugin, this vulnerability poses a significant risk to website integrity and user trust. Attackers with contributor-level access—such as internal users, contractors, or compromised accounts—can inject malicious scripts that execute in the browsers of site visitors, including customers and employees. This can lead to theft of authentication cookies, unauthorized actions on behalf of users, defacement, or distribution of malware. Confidential information could be exposed or manipulated, and the organization's reputation could suffer due to compromised web content. Given the widespread adoption of WordPress in Europe for corporate, governmental, and e-commerce websites, the vulnerability could affect a broad range of sectors. The scope change in the CVSS vector indicates that the impact extends beyond the initially compromised component, potentially affecting other parts of the website or user sessions. However, the requirement for contributor-level privileges limits exploitation to insiders or attackers who have already breached lower-level defenses. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits after public disclosure.

Mitigation Recommendations

European organizations should immediately verify if their WordPress installations use the Pagelayer plugin at versions 2.0.0 or earlier. The primary mitigation is to upgrade the plugin to version 2.0.1 or later, where the vulnerability is fully fixed. Until upgrading is possible, administrators should restrict contributor-level access strictly to trusted users and review existing contributor accounts for suspicious activity. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting the Button widget can provide temporary protection. Additionally, website owners should enable Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts. Regular security audits and monitoring of website content for unauthorized script injections are recommended. Educating content contributors about secure input practices and monitoring logs for unusual page edits can help detect exploitation attempts early. Finally, organizations should maintain timely patch management processes for all WordPress plugins to reduce exposure to similar vulnerabilities.
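As an added example that is not part of this advisory or of the plugin's own code, the following Python check reads the WordPress plugin header of the installed plugin and classifies its version against the boundaries stated above (partial fix in 1.9.9, full fix in 2.0.1). The main-file path wp-content/plugins/pagelayer/pagelayer.php is an assumption, and the sample header is constructed for the demonstration.

```python
import re

# Version boundaries the advisory states for CVE-2024-13427.
PARTIAL_FIX = (1, 9, 9)   # partially fixed in 1.9.9
FULL_FIX = (2, 0, 1)      # completely fixed in 2.0.1

# WordPress plugin-header line, e.g. " * Version: 2.0.0" in the plugin's main file.
VERSION_RE = re.compile(r"^[\s*]*Version:\s*(\S+)", re.MULTILINE)


def parse_version(text: str) -> tuple:
    """'2.0.10' -> (2, 0, 10); a '-beta' style suffix is dropped (caveat)."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:          # pad '2.0' to (2, 0, 0)
        parts.append(0)
    return tuple(parts)


def classify(version: str) -> str:
    """Map an installed Pagelayer version to its status under this CVE."""
    v = parse_version(version)
    if v >= FULL_FIX:
        return "fixed"
    if v >= PARTIAL_FIX:
        return "vulnerable (partial fix only)"
    return "vulnerable"


def header_version(php_source: str):
    """Extract the Version: value from a plugin main-file header, or None."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None


def check_header(php_source: str) -> str:
    """Classify the plugin whose main-file source is given (assumed path:
    wp-content/plugins/pagelayer/pagelayer.php)."""
    ver = header_version(php_source)
    return "unknown (no Version header)" if ver is None else classify(ver)


# Constructed sample header for demonstration; not copied from the plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Page Builder: Pagelayer
 * Version: 2.0.0
 */
"""
```

Run it against a real install with `check_header(open(path, encoding="utf-8").read())`; a pre-release suffix such as `2.0.1-beta` is compared as 2.0.1, so treat such results with care.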


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-01-15T19:27:14.536Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68312d5d0acd01a249277a28

Added to database: 5/24/2025, 2:22:21 AM

Last enriched: 7/8/2025, 8:40:17 PM

Last updated: 7/30/2025, 4:09:38 PM

