The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.
6.4CVSS
5.2AI Score
0.001EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin <= 6.13.0 versions.
6.5CVSS
5.2AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Classic Addons Classic Addons β WPBakery Page Builder allows Stored XSS.This issue affects Classic Addons β WPBakery Page Builder: from n/a through 3.0.
6.5CVSS
6.5AI Score
0.0004EPSS