CVE-2021-24243
N/A
N/A
Summary
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| bitorbit | WPBakery Page Builder (Visual Composer) Clipboard | 4.5.0 < 4.5.0* | affected |
| bitorbit | WPBakery Page Builder (Visual Composer) Clipboard | 4.5.6 < 4.5.6 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3
- https://codecanyon.net/item/visual-composer-clipboard/8897711
References
- https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3
- https://codecanyon.net/item/visual-composer-clipboard/8897711
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.