The plugin does not sanitise and escape the post/page title, which could allow users with access to the plugin’s editor to perform Cross-Site Scripting attacks.
Create a post using the plugin editor and add the following payload in the Title: ">

The XSS will be triggered when editing the post again.
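The fix pattern for the issue described above, as an added example (not code from the plugin or from this advisory): the title is cleaned on save and escaped for the attribute context on output. The function names, the `<input>` markup and the sample title are assumptions; inside WordPress, `sanitize_text_field()` and `esc_attr()` are the usual calls for these two steps.

```php
<?php
// Added illustration, not Visual Composer code. The function names, the
// <input> markup and the sample title are assumptions made for this example.

// Vulnerable pattern: the stored title is echoed into an attribute as-is.
function render_title_field_unsafe(string $title): string
{
    return '<input type="text" name="post_title" value="' . $title . '">';
}

// On save: titles are plain text, so drop tags and control characters.
// Quotes and stray angle brackets survive this step, which is why the
// output side must still escape.
function clean_title_on_save(string $title): string
{
    $title = strip_tags($title);
    $title = preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $title) ?? '';
    return trim($title);
}

// On output: escape for the attribute context, even if the value was
// cleaned on save (rows stored before the fix are still raw).
function render_title_field_safe(string $title): string
{
    $escaped = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="post_title" value="' . $escaped . '">';
}

// Count element start tags in rendered HTML. More than one means the
// title broke out of its attribute and created markup of its own.
function count_elements(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z]/', $html);
}

// Constructed sample: harmless markup that closes the attribute and the tag.
$stored = 'Quarterly report"><b>injected</b>';
$saved  = clean_title_on_save($stored);

printf("unsafe render: %d element(s)\n", count_elements(render_title_field_unsafe($stored)));
printf("safe render:   %d element(s)\n", count_elements(render_title_field_safe($stored)));
printf("after save:    %s\n", $saved);
printf("saved + safe:  %s\n", render_title_field_safe($saved));
```

The element count can be reused as a regression check: any title value that yields more than one element from the rendering function indicates missing output escaping.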
CPE

Name | Operator | Version |
---|---|---|
visualcomposer | lt | 45.0.1 |