EUVD-2026-32104

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcacarousel and lvcapostscarousel shortcode attributes in all versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. Specifically,...

WordPress plugin WPBakery Page Builder Addons by Livemesh 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application add-on. The WordPre...

PT-2026-43547

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvca admin ajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce...

WordPress plugin WPBakery Page Builder Addons by Livemesh 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2025-62748

CVE-2025-62748 affects Web and WooCommerce Addons for WPBakery Builder. The connected vulnerability listing identifies it as an Unauthenticated Cross-Site Scripting issue in the add-on (version range: up to 1.5). The initial description describes a DOM/JS-based XSS scenario, while the Wordfence e...

WordPress Extensive VC Addons for WPBakery Page Builder 1.9.0 Code Execution

WordPress Extensive VC Addons for WPBakery Page Builder version 1.9.0 suffers from a remote execution vulnerability. Exploit Title: Extensive VC Addons for WPBakery page builder 1.9.1 - Unauthenticated RCE Date: 12 march 2025 Exploit Author: Ravina Vendor Homepage: wprealize Version: 1.9.1 Tested...

WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Modification vulnerability discovered by Lucio Sá in WordPress Plugin Web and WooCommerce Addons for WPBakery Builder versions = 1.4.5...

WordPress Plugin WPBakery Page Builder Addons by Livemesh 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin WPBakery Page Builder Addons by Livemes...

CVE-2023-0159

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...