← voltar
CVE-2021-24243

WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)

EPSS 0.7%CWE-79
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 mai 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Produtos afetados
bitorbit · WPBakery Page Builder (Visual Composer) Clipboard

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://codecanyon.net/item/visual-composer-clipboard/8897711https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3