cleantalk
Vulnerabilities and Security Researches

Extensive VC Addons for WPBakery page builder, CVE-2023-0159

CVE, Research URL

CVE-2023-0159

Home page URL

Security reports for Extensive VC Addons for WPBakery page builder

Application

Extensive VC Addons for WPBakery page builder

Published on
Feb 13, 2023
Research Description
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.
Affected versions
max 1.9.1.
Status
vulnerable
Previous vulnerability researches
Extensive VC Addons for WPBakery page builder (CVE-2025-14475) , Jan 11, 2026
Extensive VC Addons for WPBakery page builder (CVE-2025-60087) , Feb 27, 2026
Extensive VC Addons for WPBakery page builder (CVE-2023-0159) , Jun 07, 2024
New vulnerability
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-24951) , Feb 27, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-27440) , Feb 27, 2026
eDS Responsive Menu (CVE-2025-68845) , Feb 27, 2026
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscription (CVE-2025-13732) , Feb 27, 2026
Run Contests, Raffles, and Giveaways with ContestsWP (CVE-2026-25023) , Feb 27, 2026