3 matches found
CVE-2024-5265
CVE-2024-5265 is a Stored Cross-Site Scripting vulnerability in the WPBakery Visual Composer (WordPress) plugin, affecting versions up to 7.6. The issue arises from insufficient input sanitization and output escaping of attributes used by the vc_single_image shortcode, allowing authenticated user...
CVE-2021-24243
CVE-2021-24243 affects the WPBakery Page Builder Clipboard WordPress plugin (before 4.5.6). The vulnerability arises from an AJAX action lacking capability checks and input sanitization, allowing low-privilege users (subscriber+) to submit crafted payloads that trigger XSS on all backend pages. P...
CVE-2021-24244
CVE-2021-24244 affects the WPBakery Page Builder Clipboard Plugin for WordPress prior to version 4.5.8. The issue arises from an AJAX action registered by the Clipboard plugin that did not perform capability checks, enabling low-privilege users (e.g., subscribers) to update license options (key a...