230 matches found
SAP NetWeaver Visual Composer Metadata Uploader 代码问题漏洞
SAP NetWeaver Visual Composer Metadata Uploader is a tool for modeling assistance from SAP. A file upload vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader. The vulnerability is due to an unauthenticated agent uploading potentially malicious executable binaries because the...
CVE-2025-46254
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0...
CVE-2025-46254
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.10.0...
CVE-2025-46254
CVE-2025-46254 affects the Visual Composer Website Builder WordPress plugin (versions through 45.10.0). The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Exploitation could occur via stored inputs that are rendere...
CVE-2025-46254 WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.10.0...
CVE-2025-46254 WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.10.0...
VulnCheck KEV: CVE-2017-9844
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...
VulnCheck KEV: CVE-2025-31324
SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...
PT-2025-17518 · Unknown · Visual Composer Website Builder
Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder versions through 45.10.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables attackers to...
WordPress plugin Visual Composer Website Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin.... A cross-site scripting...
CVE-2024-5709
The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layoutname' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an...
CVE-2024-10172
The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2024-10172
The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2024-10172 WPBakery Visual Composer WHMCS Elements <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via void_wbwhmcse_laouts_search Shortcode
The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
WordPress WPBakery Visual Composer WHMCS Elements Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WPBakery Visual Composer WHMCS Elements Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10172 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 30c8a799718e Credits...
PT-2024-16086 · WordPress · Wpbakery Visual Composer Whmcs Elements
Name of the Vulnerable Software and Affected Versions: WPBakery Visual Composer WHMCS Elements plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...
CVE-2024-43263
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3...
CVE-2024-43263
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3...
CVE-2024-43263 WordPress Visual Composer Starter theme <= 3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3...
CVE-2024-43263
Technical details about CVE-2024-43263 are not provided in the supplied Connected documents. Public sources in Initial document describe Stored XSS in Visual Composer Starter version up to 3.3, but no concrete exploit specifics, mitigations, or affected product/version beyond that.