Cross site scripting

2022-09-0618:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

cross-site scripting

visual composer

0.001 Low

EPSS

Percentile

19.4%

JSON

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page ‘Title’ value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CPENameOperatorVersion
visual_composer_website_builderle45.0

CPE	Name	Operator	Version
	visual_composer_website_builder	le	45.0

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2778808%40visualcomposer&new=2778808%40visualcomposer&sfp_email=&sfph_mail=

www.wordfence.com/vulnerability-advisories/

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for PRION:CVE-2022-2516