cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6880,https://securityvulnerability.io/vulnerability/CVE-2023-6880,Stored Cross-Site Scripting Vulnerability in Visual Composer Plugin for WordPress,"The Visual Composer plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability caused by inadequate input sanitization and output escaping. This affects all versions up to 45.6.0, allowing authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts. These injected scripts will execute whenever users access the compromised pages, potentially hijacking sessions, defacing websites, or spreading malware. Website administrators must ensure they upgrade to the latest version and implement proper input validation measures to safeguard against this vulnerability.",Wordpress,"Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:26:52.043Z,0
CVE-2020-36722,https://securityvulnerability.io/vulnerability/CVE-2020-36722,Cross-Site Scripting Vulnerability in Visual Composer Plugin for WordPress,"The Visual Composer plugin for WordPress, in its versions up to and including 26.0, has a vulnerability that allows attackers to exploit insufficient input sanitization and output escaping. This Cross-Site Scripting (XSS) issue can let attackers inject malicious web scripts that run in the browser of unwitting users, potentially leading to data theft or unauthorized actions on the affected site. Website owners using this plugin should apply the necessary patches and updates to safeguard against such threats.",Wordpress,"Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages",5.5,MEDIUM,0.0016899999463930726,false,,false,false,false,,false,false,2023-06-07T01:51:42.848Z,0
CVE-2022-2516,https://securityvulnerability.io/vulnerability/CVE-2022-2516,Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title',"The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-09-06T17:18:58.000Z,0
CVE-2022-2430,https://securityvulnerability.io/vulnerability/CVE-2022-2430,Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block',"The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-09-06T17:18:56.000Z,0