CVE-2021-24243
WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Affected products
bitorbit · WPBakery Page Builder (Visual Composer) ClipboardWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →