Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpbakery — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting wpbakery. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPBakery serves as a popular WordPress page builder plugin enabling drag-and-drop website design. Historically, it has been susceptible to multiple security vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation, contributing to its 15 recorded CVEs. These issues often stem from insufficient input validation and improper access controls. While no single major incident stands out, the cumulative impact of these vulnerabilities has made WPBakery a frequent target in WordPress security landscapes. Regular updates and proper configuration remain critical for mitigating risks associated with this widely used tool.

Top products by wpbakery: WPBakery Page Builder Templatera
CVE IDTitleCVSSSeverityPublished
CVE-2025-10006 WPBakery Page Builder <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPBakery Page BuilderCWE-79 6.4 Medium2025-10-18
CVE-2025-11160 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module — WPBakery Page BuilderCWE-80 6.4 Medium2025-10-15
CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode — WPBakery Page BuilderCWE-80 6.4 Medium2025-10-15
CVE-2025-54747 WordPress Templatera Plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability — TemplateraCWE-79 6.5 Medium2025-08-14
CVE-2025-7502 WPBakery Page Builder for WordPress <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPBakery Page BuilderCWE-79 6.4 Medium2025-08-06
CVE-2025-4968 WPBakery Page Builder <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Page Builder Elements — WPBakery Page BuilderCWE-79 6.4 Medium2025-07-24
CVE-2025-4965 WPBakery Page Builder <= 8.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via Grid Builder — WPBakery Page BuilderCWE-79 6.4 Medium2025-06-19
CVE-2024-5708 WPBakery <= 7.7 - Authenticated (Author+) Stored Cross-Site Scripting — WPBakery Page BuilderCWE-79 6.4 Medium2024-08-06
CVE-2024-5709 WPBakery <= 7.7 - Authenticated (Author+) Local File Inclusion — WPBakery Page BuilderCWE-22 8.8 High2024-08-06
CVE-2024-5265 WPBakery Page Builder <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute — WPBakery Page BuilderCWE-79 6.4 Medium2024-06-13
CVE-2024-1840 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author — WPBakery Page BuilderCWE-79 6.4 Medium2024-05-02
CVE-2024-1805 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute — WPBakery Page BuilderCWE-79 6.4 Medium2024-05-02
CVE-2024-1842 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute — WPBakery Page BuilderCWE-79 6.4 Medium2024-05-02
CVE-2024-1841 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute — WPBakery Page BuilderCWE-79 6.4 Medium2024-05-02
CVE-2023-31213 WordPress WPBakery Page Builder Plugin < 6.13.0 is vulnerable to Cross Site Scripting (XSS) — WPBakery Page BuilderCWE-79 6.5 Medium2023-06-22

This page lists every published CVE security advisory associated with wpbakery. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.