WordPress · Wpbakery Page Builder (Visual Composer) Clipboard · CVE-2021-24243
**Name of the Vulnerable Software and Affected Versions**
WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin versions prior to 4.5.6
**Description**
The issue concerns an AJAX action in the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin that lacks capability checks and sanitization. This allows users with low privileges (subscriber and above) to call the action and set XSS payloads, which are then triggered on all backend pages.
**Recommendations**
For WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin versions prior to 4.5.6, update to version 4.5.6 or later to resolve the issue.