CVE-2021-24243
WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
05 may 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Productos afectados
bitorbit · WPBakery Page Builder (Visual Composer) Clipboard¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →