2 matches found
CVE-2022-2516
CVE-2022-2516 affects the Visual Composer Website Builder WordPress plugin (versions up to 45.0). The root cause is insufficient input sanitization and output escaping for the post/page Title, enabling authenticated editors to inject arbitrary scripts that execute when pages are viewed. Affected ...
CVE-2022-2430
CVE-2022-2430 refers to the WordPress Visual Composer Website Builder plugin (≤ 45.0). The vulnerability is a stored cross-site scripting (XSS) in the Text Block feature caused by insufficient input sanitization and output escaping, enabling authenticated users with editor access to inject script...