Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages, CVE-2022-2516

CVE, Research URL: CVE-2022-2516
Home page URL: Security reports for Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Application: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Published on: Sep 06, 2022
Research Description: The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max 27.0.
Status: vulnerable

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode &amp; Coming Soon Pages, CVE-2022-2516