4 matches found
CVE-2021-24243
An AJAX action registered by the WPBakery Page Builder Visual Composer Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users subscriber+ to call it and set XSS payloads, which will be triggered in all backend pages...
CVE-2021-24243
An AJAX action registered by the WPBakery Page Builder Visual Composer Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users subscriber+ to call it and set XSS payloads, which will be triggered in all backend pages...
CVE-2021-24243
CVE-2021-24243 affects the WPBakery Page Builder Clipboard WordPress plugin (before 4.5.6). The vulnerability arises from an AJAX action lacking capability checks and input sanitization, allowing low-privilege users (subscriber+) to submit crafted payloads that trigger XSS on all backend pages. P...
CVE-2021-24243 WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
An AJAX action registered by the WPBakery Page Builder Visual Composer Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users subscriber+ to call it and set XSS payloads, which will be triggered in all backend pages...