Platform
wordpress
Component
pagelayer
Fixed in
2.0.8
CVE-2026-2442 is a CRLF Injection vulnerability affecting the Pagelayer – Drag and Drop website builder plugin for WordPress. This vulnerability allows unauthenticated attackers to inject arbitrary email headers by manipulating form fields, potentially leading to email abuse. This affects versions up to and including 2.0.7. The vulnerability is fixed in version 2.0.8.
The primary impact of CVE-2026-2442 is that unauthenticated attackers can inject arbitrary email headers. The injection happens through the plugin's contact form handler, which builds email headers from submitted form fields. Attackers could add 'Bcc' or 'Cc' headers to deliver mail to unintended recipients, or inject other headers to alter how the message is delivered. While direct data theft is unlikely, the ability to abuse the form's email delivery mechanism poses a significant risk. The blast radius is limited to the email addresses associated with the plugin's contact form.
CVE-2026-2442 was published on 2026-03-28. Public proof-of-concept (POC) code is currently unavailable. The vulnerability's EPSS score is pending evaluation. There are no known active campaigns targeting this vulnerability at this time. Refer to the WordPress security advisory for further details.
Exploit status
EPSS
0.10% (28th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2026-2442 is to upgrade the Pagelayer WordPress plugin to version 2.0.8 or later. As a temporary workaround, consider disabling the contact form functionality until the upgrade can be performed. Implement input validation and sanitization on all form fields to prevent CRLF injection attacks. Regularly review WordPress plugin updates and security advisories. After upgrading, test the contact form to ensure that email headers cannot be manipulated.
Update to version 2.0.8 or a later patched version
A CRLF (Carriage Return Line Feed) sequence is a combination of two characters: a carriage return (\r) and a line feed (\n). It is used to indicate the end of a line of text in many operating systems and communication protocols.
If CRLF sequences are not neutralized correctly, an attacker can use them to terminate one line and start another, and so manipulate the behavior of whatever system parses the text. In this case, a CRLF in a form field lets the attacker append additional lines to the outgoing message's headers, i.e. email header injection.
If you cannot update the plugin immediately, consider temporarily disabling the contact form or implementing additional security measures, such as input validation on the server-side.
Review server logs for suspicious activity related to the contact form. Look for emails sent to unknown recipients or with unusual subjects.
There are WordPress vulnerability scanners that can detect this vulnerability. You can also perform manual testing by submitting contact forms with CRLF characters in the input fields.
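The server-side validation recommended above, as an added illustration that is not the Pagelayer plugin's code: every field that ends up in a mail header is rejected if it contains a line break (CR, LF or NUL), and the address field must be a single bare mailbox. The form field names and the constructed submissions are assumptions for the example.

```python
import re

# CR, LF and NUL are the characters that let one form value become several
# mail header lines; PHP-based mailers split on a bare LF as well as on CRLF.
_HEADER_BREAK = re.compile(r"[\r\n\x00]")
# Deliberately narrow check for one plain mailbox: no display name, no
# comments, no folding whitespace, so nothing header-like can ride along.
_MAILBOX = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def has_header_break(value: str) -> bool:
    """True if the value could end a header line and start a new one."""
    return _HEADER_BREAK.search(value) is not None


def validate_contact_form(form: dict) -> list[str]:
    """Return the problems found in a submission; an empty list means the
    fields are safe to turn into mail headers. (Hypothetical field names.)"""
    problems = []
    for field in ("name", "email", "subject"):
        if has_header_break(form.get(field, "")):
            problems.append(f"line break in field '{field}'")
    if not _MAILBOX.fullmatch(form.get("email", "").strip()):
        problems.append("email is not a single plain address")
    return problems


def build_mail_headers(form: dict):
    """Build the Reply-To and Subject headers for a submission, or return
    None when validation fails (the handler should then drop the request
    rather than try to clean it up)."""
    if validate_contact_form(form):
        return None
    return {
        "Reply-To": f"{form['name'].strip()} <{form['email'].strip()}>",
        "Subject": form["subject"].strip(),
    }


if __name__ == "__main__":
    # Constructed submissions: one benign, one with a smuggled Bcc header.
    benign = {"name": "Alice", "email": "alice@example.com",
              "subject": "Quote request"}
    hostile = {"name": "Alice", "subject": "Quote request",
               "email": "alice@example.com\r\nBcc: someone@example.net"}
    print(build_mail_headers(benign))
    print(validate_contact_form(hostile))
```

The same `has_header_break` check is what a log review or a manual test of the form should look for: any submitted value containing `\r` or `\n` is a header injection attempt, not a legitimate input.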