Wpbakery Wpbakery Page Builder

14 CVEs affecting Wpbakery Wpbakery Page Builder. Latest disclosed: 2025-10-18. Critical: 0, High: 1.

Top CVEs affecting Wpbakery Wpbakery Page Builder
CVESeverityScorePublishedSummary
CVE-2024-5709High8.82024-08-06The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' paramet…
CVE-2023-31213Medium6.52023-06-22Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin <= 6.13.0 versions.
CVE-2025-10006Medium6.42025-10-18The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rev_slider_vc' shortcode in all versions up to, a…
CVE-2025-11161Medium6.42025-10-15The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all versions up to, and incl…
CVE-2025-11160Medium6.42025-10-15The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6…
CVE-2025-7502Medium6.42025-08-06The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all versions up to, and inc…
CVE-2025-4968Medium6.42025-07-24The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element…
CVE-2025-4965Medium6.42025-06-19The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions…
CVE-2024-5708Medium6.42024-08-06The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7…
CVE-2024-5265Medium6.42024-06-13The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in a…
CVE-2024-1842Medium6.42024-05-02The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 d…
CVE-2024-1841Medium6.42024-05-02The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due t…
CVE-2024-1840Medium6.42024-05-02The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due…
CVE-2024-1805Medium6.42024-05-02The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due t…