Lucene search
+L

230 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:51 a.m.6 views

CVE-2023-0368

The Responsive Tabs For WPBakery Page Builder formerly Visual Composer WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...

5.4CVSS5.1AI score0.00444EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.10 views

CVE-2022-2516

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access t...

6.4CVSS5.8AI score0.00508EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:28 p.m.9 views

CVE-2022-2430

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to t...

6.4CVSS5.8AI score0.00508EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:36 p.m.8 views

CVE-2020-36722

The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser...

5.5CVSS6.3AI score0.00728EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:13 p.m.5 views

CVE-2025-48276

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.11.0...

6.5CVSS5.9AI score0.00225EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 4:33 p.m.7 views

WordPress Visual Composer Website Builder plugin <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Visual Composer Website Builder versions = 45.11.0...

6.5CVSS6AI score0.00225EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/05/19 3:15 p.m.9 views

CVE-2025-48276

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.11.0...

6.5CVSS0.00225EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 2:45 p.m.28 views

CVE-2025-48276

CVE-2025-48276 affects Visual Composer Website Builder (WordPress plugin). It is an stored Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation, impacting Visual Composer Website Builder versions through 45.11.0 (and earlier). Public references ind...

6.5CVSS5.9AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 2:45 p.m.17 views

CVE-2025-48276 WordPress Visual Composer Website Builder plugin <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.11.0...

6.5CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/19 2:45 p.m.3 views

CVE-2025-48276 WordPress Visual Composer Website Builder <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.11.0...

6.5CVSS6.4AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.3 views

WordPress plugin Visual Composer Website Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin.... A cross-site scripting...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.4 views

PT-2025-21982 · Unknown · Visual Composer Website Builder

Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder versions through 45.11.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS in Visual Composer Website...

6.5CVSS6AI score0.00225EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/05/19 12:0 a.m.10 views

The vulnerability of the MetadataUploader function in the Visual Composer tool of the SAP NetWeaver software integration platform allows a hacker to execute arbitrary code.

The vulnerability of the MetadataUploader function in the Visual Composer tool of the SAP NetWeaver software integration platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted HT...

9.1CVSS8.3AI score0.12522EPSS
Exploits3References4
NCSC
NCSC
added 2025/05/13 9:5 a.m.16 views

Vulnerabilities fixed in SAP products

SAP has fixed multiple vulnerabilities in various SAP products, including NetWeaver, NetWeaver Visual Composer, SAP GUI, pcde, Business Objects, HANA and other components. The vulnerabilities include an unlimited file upload error that allows unauthenticated users to upload malicious files, which...

10CVSS9.4AI score0.99406EPSS
Exploits19References1
OSV
OSV
added 2025/05/13 1:15 a.m.3 views

CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.99406EPSS
Exploits19References4
Cvelist
Cvelist
added 2025/05/13 12:17 a.m.131 views

CVE-2025-42999 Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

9.1CVSS0.12522EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2025/05/13 12:17 a.m.10 views

CVE-2025-42999 Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

9.1CVSS7AI score0.12522EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.12 views

CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. Recent assessments: Assessed Attacker...

9.1CVSS6.9AI score0.12522EPSS
In wildExploits3References3
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.6 views

PT-2025-20812

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Visual Composer affected versions not specified Description The issue arises when a privileged user uploads untrusted or malicious content, which upon deserialization, could compromise the confidentiality, integrity, and...

9.1CVSS7.4AI score0.12522EPSS
Exploits3References78
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.8 views

SAP NetWeaver Visual Composer Metadata Uploader 安全漏洞

SAP NetWeaver Visual Composer Metadata Uploader is a component in SAP NetWeaver for uploading metadata. A deserialization vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader that originates from deserializing malicious content, which can be exploited by an attacker to cause a...

10CVSS6.7AI score0.99406EPSS
Exploits19References3
Rows per page
Query Builder