13 matches found
CVE-2025-55709
CVE-2025-55709 is a storage XSS flaw in the Visual Composer Website Builder plugin. The vulnerability arises from improper input neutralization during web page generation, enabling stored XSS in the affected plugin. Evidence from multiple sources indicates the vulnerability affects the Visual Com...
WordPress Visual Composer Website Builder plugin <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Visual Composer Website Builder versions = 45.11.0...
PT-2025-21982 · Unknown · Visual Composer Website Builder
Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder versions through 45.11.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS in Visual Composer Website...
PT-2025-17518 · Unknown · Visual Composer Website Builder
Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder versions through 45.10.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables attackers to...
CVE-2024-35653
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer.This issue affects Visual Composer Website Builder: from n/a through = 45.8.0...
WordPress Visual Composer Website Builder Plugin <= 45.8.0 is vulnerable to Cross Site Scripting (XSS)
Software Visual Composer Website Builder Type Plugin Vulnerable versions = 45.8.0 Fixed in 45.9.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35653 Patch priority Low CVSS severity Low 6.5 Developer Visual Composer PSID 608be0fe1f1f Credits savphill Required...
CVE-2024-27997
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer.This issue affects Visual Composer Website Builder: from n/a through = 45.6.0...
CVE-2023-6880
The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitizatio...
CVE-2023-6880 Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitizatio...
CVE-2022-2516 Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title'
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access t...
WordPress plugin Visual Composer Website Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2022-16590 · WordPress · Visual Composer Website Builder
Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder plugin for WordPress versions up to and including 45.0 Description: The issue arises from insufficient input sanitization and output escaping in the 'Text Block' feature, allowing authenticated attackers with...
Visual Composer Website Builder < 45.0.1 - Authenticated Stored XSS via Text Block
The plugin does not sanitise and escape its Text Block fields, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks PoC Create a post using the plugin editor, add a Text Block and put the following payload in its content: The XSS will be triggered whe...