Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Visual Composer — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting Visual Composer. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Visual Composer is a WordPress page builder plugin enabling drag-and-drop website creation for businesses and developers. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws due to insufficient input validation and improper access controls. The plugin's six recorded CVEs highlight recurring issues with unsafe deserialization and inadequate capability checks. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched implementations, particularly in environments with default configurations or outdated versions.

Top products by Visual Composer: Visual Composer Website Builder Visual Composer Starter
CVE IDTitleCVSSSeverityPublished
CVE-2025-55709 WordPress Visual Composer Website Builder Plugin < 45.15.0 - Cross Site Scripting (XSS) Vulnerability — Visual Composer Website BuilderCWE-79 6.5 Medium2025-08-14
CVE-2025-48276 WordPress Visual Composer Website Builder plugin <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability — Visual Composer Website BuilderCWE-79 6.5 Medium2025-05-19
CVE-2025-46254 WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability — Visual Composer Website BuilderCWE-79 6.5 Medium2025-04-22
CVE-2024-43263 WordPress Visual Composer Starter theme <= 3.3 - Cross Site Scripting (XSS) vulnerability — Visual Composer StarterCWE-79 6.5 Medium2024-08-18
CVE-2024-35653 WordPress Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin <= 45.8.0 - Cross Site Scripting (XSS) vulnerability — Visual Composer Website BuilderCWE-79 6.5 Medium2024-06-04
CVE-2024-27997 WordPress Visual Composer plugin <= 45.6.0 - Cross Site Scripting (XSS) vulnerability — Visual Composer Website BuilderCWE-79 5.9 Medium2024-03-19

This page lists every published CVE security advisory associated with Visual Composer. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.