2 matches found
CVE-2022-2430 Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block'
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to t...
CVE-2022-2430
CVE-2022-2430 refers to the WordPress Visual Composer Website Builder plugin (≤ 45.0). The vulnerability is a stored cross-site scripting (XSS) in the Text Block feature caused by insufficient input sanitization and output escaping, enabling authenticated users with editor access to inject script...