cleantalk
Vulnerabilities and Security Researches

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages, CVE-2025-48276

CVE, Research URL

CVE-2025-48276

Home page URL

Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Application

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Published on
May 19, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.11.0.
Affected versions
Min -, max 45.12.0.
Status
vulnerable
Previous vulnerability researches
Spiffy Calendar (CVE-2024-38692) , Jul 13, 2024
Spiffy Calendar (CVE-2017-9420) , Jun 07, 2024
Spiffy Calendar (CVE-2022-29434) , Jun 07, 2024
Spiffy Calendar (CVE-2022-46859) , Jun 07, 2024
Spiffy Calendar (CVE-2023-49745) , Jun 07, 2024
New vulnerability
KI Live Video Conferences (CVE-2025-23969) , Jun 15, 2025
KI Live Video Conferences (CVE-2025-23971) , Jun 15, 2025
Interactive Regional Map of Florida (CVE-2025-49441) , Jun 15, 2025
REST API | Custom API Generator For Cross Platform And Import Export In WP (CVE-2025-5288) , Jun 15, 2025
WP Views Counter (CVE-2025-49859) , Jun 15, 2025