← voltar
CVE-2021-24243

WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)

EPSS 0.7%CWE-79
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Produtos afetados
bitorbit · WPBakery Page Builder (Visual Composer) Clipboard

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://codecanyon.net/item/visual-composer-clipboard/8897711https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3