3 matches found
CVE-2025-14054 WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute
The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headingcolor' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...
CVE-2025-14054
CVE-2025-14054 concerns WC Builder – WooCommerce Page Builder for WPBakery (WordPress). The vulnerability is a Stored Cross-Site Scripting in the wpbforwpbakery_product_additional_information shortcode, triggered by the heading_color parameter (and other styling params). Affected products/version...
PT-2025-52574
Name of the Vulnerable Software and Affected Versions WC Builder – WooCommerce Page Builder for WPBakery plugin versions prior to 1.2.1 Description The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress contains a Stored Cross-Site Scripting issue. Insufficient input...