cleantalk
Vulnerabilities and Security Researches

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages, CVE-2025-46254

CVE, Research URL

CVE-2025-46254

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Published on
Apr 22, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0.
Affected versions
Min -, max 45.11.0.
Status
vulnerable
Previous vulnerability researches
Seriously Simple Podcasting (CVE-2024-9667) , Nov 05, 2024
Seriously Simple Podcasting (CVE-2024-3751) , Jul 15, 2024
Seriously Simple Podcasting (CVE-2022-40132) , Jun 07, 2024
Seriously Simple Podcasting (CVE-2024-25599) , Jun 07, 2024
Seriously Simple Podcasting (CVE-2022-4571) , Jun 07, 2024
New vulnerability
Simple calendar for Elementor (CVE-2025-46249) , Apr 24, 2025
Social Slider Feed (CVE-2025-0717) , Apr 24, 2025
List Last Changes (CVE-2025-46238) , Apr 24, 2025
MPL-Publisher — Ebook & Audiobook Creator (CVE-2025-46226) , Apr 24, 2025
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages (CVE-2025-46254) , Apr 24, 2025