Lucene search
K

13 matches found

CVE
CVE
added 2025/08/14 6:21 p.m.23 views

CVE-2025-55709

CVE-2025-55709 is a storage XSS flaw in the Visual Composer Website Builder plugin. The vulnerability arises from improper input neutralization during web page generation, enabling stored XSS in the affected plugin. Evidence from multiple sources indicates the vulnerability affects the Visual Com...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 4:33 p.m.4 views

WordPress Visual Composer Website Builder plugin <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Visual Composer Website Builder versions = 45.11.0...

6.5CVSS6AI score0.00225EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.3 views

PT-2025-21982 · Unknown · Visual Composer Website Builder

Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder versions through 45.11.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS in Visual Composer Website...

6.5CVSS6AI score0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.6 views

PT-2025-17518 · Unknown · Visual Composer Website Builder

Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder versions through 45.10.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables attackers to...

6.5CVSS6.8AI score0.00178EPSS
Exploits0References8
NVD
NVD
added 2024/06/04 3:15 p.m.24 views

CVE-2024-35653

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer.This issue affects Visual Composer Website Builder: from n/a through = 45.8.0...

6.5CVSS6.4AI score0.00279EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/03 12:0 a.m.14 views

WordPress Visual Composer Website Builder Plugin <= 45.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Visual Composer Website Builder Type Plugin Vulnerable versions = 45.8.0 Fixed in 45.9.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35653 Patch priority Low CVSS severity Low 6.5 Developer Visual Composer PSID 608be0fe1f1f Credits savphill Required...

6.5CVSS6.6AI score0.00279EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/19 5:15 p.m.21 views

CVE-2024-27997

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer.This issue affects Visual Composer Website Builder: from n/a through = 45.6.0...

5.9CVSS5.7AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.20 views

CVE-2023-6880

The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitizatio...

6.4CVSS5.7AI score0.00416EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/13 3:26 p.m.38 views

CVE-2023-6880 Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitizatio...

6.4CVSS5.8AI score0.00416EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/06 5:18 p.m.6 views

CVE-2022-2516 Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title'

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access t...

6.4CVSS5.7AI score0.00489EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.4 views

WordPress plugin Visual Composer Website Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.9AI score0.00489EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.5 views

PT-2022-16590 · WordPress · Visual Composer Website Builder

Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder plugin for WordPress versions up to and including 45.0 Description: The issue arises from insufficient input sanitization and output escaping in the 'Text Block' feature, allowing authenticated attackers with...

6.4CVSS5.2AI score0.00489EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2022/08/29 12:0 a.m.22 views

Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block

The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks PoC Create a post using the plugin editor, add a Text Block and put the following payload in its content: The XSS will be triggered whe...

6.4CVSS1.8AI score0.00489EPSS
Exploits1Affected Software1
Rows per page
Query Builder