PageLayer < 1.7.9 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘pagelayer_header_code’, ‘pagelayer_body_open_code’, and ‘pagelayer_footer_code’ meta fields due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.