PageLayer < 1.7.7 - Unauthenticated Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.