Vulnerabilities

CVE-2021-24243

by Fred · 05/05/2021

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.

Date published : 2021-05-05

https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3

https://codecanyon.net/item/visual-composer-clipboard/8897711

Similar

Tags: Cybersecurity Alert