cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forvisualcomposer visualcomposer

Direction: ascending
Jun 07, 2024

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages # CVE-2024-35653

CVE, Research URL

CVE-2024-35653

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Date
Jun 04, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in visualcomposer.Com Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.8.0.
Affected versions
Min -, max -.
Status
vulnerable

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages # CVE-2022-2516

CVE, Research URL

CVE-2022-2516

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Date
Sep 06, 2022
Research Description
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages # ef02cb7ba113551547a2db17546c38a3c63b0758

CVE, Research URL

ef02cb7ba113551547a2db17546c38a3c63b0758

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Date
May 18, 2020
Research Description
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages [visualcomposer] < 27.0 WordPress Visual Composer Website Builder plugin <= 26.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities Multiple Cross-Site Scripting (XSS) vulnerabilities discovered by NinTechNet in WordPress Visual Composer Website Builder plugin (versions <= 26.0).
Affected versions
Min -, max -.
Status
vulnerable

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages # CVE-2022-2430

CVE, Research URL

CVE-2022-2430

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Date
Sep 06, 2022
Research Description
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages # CVE-2020-36722

CVE, Research URL

CVE-2020-36722

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Date
Jun 07, 2023
Research Description
The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
Min -, max -.
Status
vulnerable

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages # CVE-2023-6880

CVE, Research URL

CVE-2023-6880

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Date
Mar 13, 2024
Research Description
The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages # CVE-2024-27997

CVE, Research URL

CVE-2024-27997

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Date
Mar 19, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.6.0.
Affected versions
Min -, max -.
Status
vulnerable
Apr 24, 2025

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages # CVE-2025-46254

CVE, Research URL

CVE-2025-46254

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages

Date
Apr 22, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0.
Affected versions
Min -, max -.
Status
vulnerable