WordPress plugin Business Template Blocks for WPBakery (Visual Composer) Page Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

EUVD-2025-13738

Malicious code in bioql PyPI...

EUVD-2024-46502

Malicious code in bioql PyPI...

EUVD-2024-46877

Malicious code in bioql PyPI...

CVE-2025-47659

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

CVE-2025-47659

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

CVE-2025-47659 WordPress WPBakery Visual Composer WHMCS Elements plugin <= 1.0.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

CVE-2025-47659 WordPress WPBakery Visual Composer WHMCS Elements <= 1.0.4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements allows Stored XSS. This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through 1.0.4.1...

CVE-2025-47659

CVE-2025-47659 corresponds to a stored XSS in WPBakery Visual Composer WHMCS Elements due to improper input neutralization during web page generation. Affected product: WPBakery Visual Composer WHMCS Elements, versions up to 1.0.4.1 (per CVE description). Base metrics indicate a Medium severity (...

WordPress plugin WPBakery Visual Composer WHMCS Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-5709

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layoutname' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an...

CVE-2024-10172 WPBakery Visual Composer WHMCS Elements <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via void_wbwhmcse_laouts_search Shortcode

The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

PT-2024-16086 · WordPress · Wpbakery Visual Composer Whmcs Elements

Name of the Vulnerable Software and Affected Versions: WPBakery Visual Composer WHMCS Elements plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...

WordPress WPBakery Visual Composer WHMCS Elements Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WPBakery Visual Composer WHMCS Elements Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10172 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 30c8a799718e Credits...

CVE-2024-5708

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

CVE-2024-5708

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

CVE-2024-5709

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layoutname' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an...

CVE-2024-5709 WPBakery <= 7.7 - Authenticated (Author+) Local File Inclusion

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layoutname' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an...

CVE-2024-5709

WPBakery Visual Composer Local File Inclusion (CVE-2024-5709) affects WPBakery Visual Composer up to version 7.7 via the layout_name parameter. Exploitation requires Author-level access (plus post-permissions granted by an Administrator) to include/execute arbitrary PHP files on the server, enabl...

CVE-2024-5708

CVE-2024-5708 affects WPBakery Visual Composer (WordPress) up to version 7.7. Root cause: insufficient input sanitization and output escaping in the link parameter, enabling stored XSS by authenticated users with Author-level access. Impact: arbitrary script execution when pages with injected con...