Wpbakery

Page Builder

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-10006

  • EPSS 0.03%
  • Veröffentlicht 18.10.2025 06:42:45
  • Zuletzt bearbeitet 26.11.2025 14:52:05

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rev_slider_vc' shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping on user suppli...

5.4

CVE-2025-11160

  • EPSS 0.03%
  • Veröffentlicht 15.10.2025 06:43:56
  • Zuletzt bearbeitet 26.11.2025 17:34:06

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied Java...

5.4

CVE-2025-11161

  • EPSS 0.03%
  • Veröffentlicht 15.10.2025 06:43:56
  • Zuletzt bearbeitet 26.11.2025 15:10:01

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper san...

5.4

CVE-2025-7502

  • EPSS 0.05%
  • Veröffentlicht 06.08.2025 01:45:13
  • Zuletzt bearbeitet 26.11.2025 13:37:17

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping on user supplied att...

5.4

CVE-2025-4968

  • EPSS 0.05%
  • Veröffentlicht 24.07.2025 03:39:04
  • Zuletzt bearbeitet 26.11.2025 14:37:26

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action...

5.4

CVE-2025-4965

  • EPSS 0.02%
  • Veröffentlicht 19.06.2025 06:44:49
  • Zuletzt bearbeitet 10.07.2025 00:01:59

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on ...

5.4

CVE-2024-43953

  • EPSS 0.21%
  • Veröffentlicht 29.08.2024 18:15:12
  • Zuletzt bearbeitet 30.08.2024 16:16:01

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows Stored XSS.This issue affects Classic Addons – WPBakery Page Builder: from n/a t...

8.8

CVE-2024-5709

  • EPSS 0.51%
  • Veröffentlicht 06.08.2024 06:15:34
  • Zuletzt bearbeitet 28.05.2025 19:48:54

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This makes it possible for authenticated attackers, with Author-level access and above,...

5.4

CVE-2024-1842

  • EPSS 0.21%
  • Veröffentlicht 02.05.2024 17:15:14
  • Zuletzt bearbeitet 28.05.2025 19:57:05

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authe...

5.4

CVE-2024-1805

  • EPSS 0.2%
  • Veröffentlicht 02.05.2024 17:15:13
  • Zuletzt bearbeitet 28.05.2025 19:58:09

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authentic...