← back
CVE-2021-24243

WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)

EPSS 0.7%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Affected products
bitorbit · WPBakery Page Builder (Visual Composer) Clipboard

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://codecanyon.net/item/visual-composer-clipboard/8897711https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3