CVE-2021-24243
WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Productos afectados
bitorbit · WPBakery Page Builder (Visual Composer) Clipboard¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →