cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10175,https://securityvulnerability.io/vulnerability/CVE-2024-10175,Pricing Tables Vulnerable to Stored Cross-Site Scripting,"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Pricing Tables For WPbakery Page Builder (formerly Visual Composer),6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-27T06:41:28.887Z,0
CVE-2024-10172,https://securityvulnerability.io/vulnerability/CVE-2024-10172,Stored XSS Vulnerability in Visual Composer Plugin,"The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes within the plugin's void_wbwhmcse_laouts_search shortcode. This vulnerability is present in all versions up to and including 1.0.4. It enables authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute when users access the compromised page, potentially compromising the integrity of user sessions and data.",Wordpress,WPbakery Visual Composer Whmcs Elements,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-21T02:06:45.218Z,0
CVE-2024-5709,https://securityvulnerability.io/vulnerability/CVE-2024-5709,Plugin Vulnerability: Local File Inclusion in WPBakery Visual Composer,"The WPBakery Visual Composer plugin for WordPress is exposed to a Local File Inclusion vulnerability impacting all versions up to and including 7.7. Exploitation of this vulnerability could allow authenticated attackers, specifically those with Author-level access or higher, to include arbitrary files on the server via the 'layout_name' parameter. Given that these attackers also possess post permissions granted by an Administrator, they can execute PHP code embedded in these files, potentially leading to unauthorized access, data leakage, and significant risks to the integrity of the website. This issue underscores the importance of maintaining up-to-date plugin versions and implementing strict user permissions.",Wordpress,WPbakery Visual Composer,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,2024-08-06T05:31:59.492Z,0
CVE-2024-5708,https://securityvulnerability.io/vulnerability/CVE-2024-5708,Stored Cross-Site Scripting Vulnerability Affects WPBakery Visual Composer Plugin,"The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-06T05:31:58.857Z,0
CVE-2024-5265,https://securityvulnerability.io/vulnerability/CVE-2024-5265,Stored Cross-Site Scripting Vulnerability in WPBakery Visual Composer,"The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-13T06:42:51.823Z,0
CVE-2024-1840,https://securityvulnerability.io/vulnerability/CVE-2024-1840,Stored Cross-Site Scripting Vulnerability Affects wpbakery Plugin,"The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:39.691Z,0
CVE-2024-1805,https://securityvulnerability.io/vulnerability/CVE-2024-1805,Stored Cross-Site Scripting Vulnerability in WPBakery Plugin for WordPress,"The WPBakery plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability that arises from inadequate input sanitization and output escaping in the button onclick attribute. This flaw impacts all versions up to and including 7.5, enabling authenticated attackers with contributor privileges or higher to inject arbitrary scripts into webpages. Consequently, any user visiting an affected page may unwittingly execute malicious web scripts, potentially compromising their security.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:15.985Z,0
CVE-2024-1842,https://securityvulnerability.io/vulnerability/CVE-2024-1842,Stored Cross-Site Scripting Vulnerability in WPBakery Plugin for WordPress,"The WPBakery Page Builder plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability. This flaw arises from inadequate input sanitization and output escaping concerning the Custom Heading tag attribute. Authenticated users with contributor privileges or higher can exploit this weakness to inject malicious web scripts into pages. These scripts execute whenever users visit the compromised pages, leading to potential data theft or other malicious actions. It's critical for website administrators to update to the latest version to mitigate the risks associated with this vulnerability.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:12.201Z,0
CVE-2024-1841,https://securityvulnerability.io/vulnerability/CVE-2024-1841,Stored Cross-Site Scripting Vulnerability in WPBakery Plugin for WordPress,"The WPBakery plugin for WordPress is susceptible to Stored Cross-Site Scripting due to flawed input sanitization and output escaping in the Post Title tag attribute. This vulnerability allows authenticated attackers, possessing contributor access or higher, to embed malicious scripts that can be executed when users view the affected pages. All versions up to and including 7.5 are at risk, potentially compromising the security of websites that utilize this plugin.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:51:58.288Z,0
CVE-2023-0368,https://securityvulnerability.io/vulnerability/CVE-2023-0368,Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS,"The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Responsive Tabs For WPbakery Page Builder (formerly Visual Composer),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2023-06-19T11:15:00.000Z,0
CVE-2023-1274,https://securityvulnerability.io/vulnerability/CVE-2023-1274,Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI,"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks",Wordpress,Pricing Tables For WPBakery Page Builder (formerly Visual Composer),6.5,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2023-04-17T13:15:00.000Z,0
CVE-2023-0367,https://securityvulnerability.io/vulnerability/CVE-2023-0367,Pricing Tables For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS,"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Pricing Tables For WPBakery Page Builder (formerly Visual Composer),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-04-17T13:15:00.000Z,0
CVE-2021-24243,https://securityvulnerability.io/vulnerability/CVE-2021-24243,WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS),"An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.",Wordpress,WPbakery Page Builder (visual Composer) Clipboard,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2021-05-06T13:15:00.000Z,0
CVE-2021-24244,https://securityvulnerability.io/vulnerability/CVE-2021-24244,WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update,"An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).",Wordpress,WPbakery Page Builder (visual Composer) Clipboard,6.5,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2021-05-06T13:15:00.000Z,0