cleantalk
Vulnerabilities and Security Researches

OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer), CVE-2025-6572

CVE, Research URL

CVE-2025-6572

Home page URL

Security reports for OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)

Application

OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)

Published on
Aug 08, 2025
Research Description
The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 1.2.0.
Status
vulnerable
Previous vulnerability researches
StreamWeasels Twitch Integration (CVE-2025-7809) , Aug 02, 2025
StreamWeasels Twitch Integration (41e9b4f8e05e078371de6ed0074689ba4c7ceb10) , Jun 07, 2024
StreamWeasels Twitch Integration (CVE-2024-29766) , Jun 07, 2024
StreamWeasels Twitch Integration (CVE-2024-32716) , Jun 07, 2024
StreamWeasels Twitch Integration (CVE-2024-9897) , Oct 20, 2024
New vulnerability
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) (CVE-2025-6572) , Aug 09, 2025
Prevent files / folders access (CVE-2025-53561) , Aug 09, 2025
Porn Videos Embed (CVE-2025-49061) , Aug 09, 2025
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-4796) , Aug 09, 2025
Advanced Custom Fields (ACF) (CVE-2025-54940) , Aug 09, 2025