PT-2021-15786 · WordPress · Wpbakery Page Builder (Visual Composer) Clipboard

Charles Strader Sweethill

Published

2021-05-05

Updated

2021-05-13

CVE-2021-24243

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin versions prior to 4.5.6

Description The issue concerns an AJAX action in the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin that lacks capability checks and sanitization. This allows users with low privileges (subscriber and above) to call the action and set XSS payloads, which are then triggered on all backend pages.

Recommendations For WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin versions prior to 4.5.6, update to version 4.5.6 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-24243

Affected Products

Wpbakery Page Builder (Visual Composer) Clipboard

PT-2021-15786 · WordPress · Wpbakery Page Builder (Visual Composer) Clipboard

CVE-2021-24243

Weakness Enumeration

Related Identifiers

Affected Products

References · 4