WordPress Plugin Vulnerabilities

WPBakery Page Builder < 4.7.4 - Multiple Unspecified Cross-Site Scripting (XSS)

Description

The js_composer WordPress plugin was affected by a Multiple Unspecified Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
js_composer
Fixed in 4.7.4

References

URL
https://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431
URL
https://forums.envato.com/t/visual-composer-security-vulnerability-fix/10494/7

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
8c8bff1c-6d45-4673-bdbc-1ea199a43c4b

Timeline

Publicly Published
2015-10-09 (about 10 years ago)
Added
2015-10-11 (about 10 years ago)
Last Updated
2020-10-07 (about 5 years ago)

Other

Published
Title
Published
2025-10-17
Title
XX2WP Integration Tools < 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-10-29
Title
WooCommerce < 10.0.3 - Shop manager+ Stored XSS
Published
2021-08-16
Title
WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code
Published
2026-03-23
Title
WP Review Slider < 14.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2025-07-09
Title
Lana Downloads Manager < 1.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting