Browse all 4 CVE security advisories affecting visualcomposer. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Visual Composer is a WordPress page builder plugin enabling drag-and-drop website creation. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues. The plugin's extensive functionality and integration with WordPress core have made it a target for attackers seeking to compromise websites. Four CVEs have been recorded, highlighting persistent security challenges. The plugin's complex architecture and frequent updates have introduced potential entry points for exploitation, requiring administrators to maintain vigilance and apply patches promptly to mitigate risks associated with its widespread use in WordPress environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-6880 | Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Visual Composer Website BuilderCWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2020-36722 | Visual Composer <= 26.0 - Multiple Cross-Site Scripting — Visual Composer Website BuilderCWE-79 | 5.5 | Medium | 2023-06-07 |
| CVE-2022-2516 | Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title' — Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon PagesCWE-79 | 6.4 | Medium | 2022-09-06 |
| CVE-2022-2430 | Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block' — Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon PagesCWE-79 | 6.4 | Medium | 2022-09-06 |
This page lists every published CVE security advisory associated with visualcomposer. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.