: Sites hosted directly on Nicepage must ensure SSL is correctly applied to avoid security warnings in browsers like Firefox.
: The plugin registered several "REST API" endpoints meant for saving page designs and uploading assets. Missing ID Checks nicepage website builder exploit
Like any website builder, Nicepage is not immune to security concerns and potential exploits. Some potential issues include: : Sites hosted directly on Nicepage must ensure
Because the plugin can make administrative paths visible, attackers often use this information to launch more targeted automated attacks. Some potential issues include: Because the plugin can
When used as a plugin, Nicepage interacts with the host CMS, which can introduce specific "exploit" vectors if not configured correctly. Broken Access Control: A notable past issue involved password-protected pages
Even for logged-in editors, Nicepage failed to properly sanitize custom CSS classes and inline styles. Attackers with author-level access (or via CSRF) could inject JavaScript into button hover states or custom HTML blocks. This payload would fire whenever any visitor viewed the page.
