CVE-2025-10006

Name of the Vulnerable Software and Affected Versions WPBakery Page Builder plugin for WordPress versions prior to 8.6

Description The software is susceptible to Stored Cross-Site Scripting through the 'rev slider vc' shortcode due to inadequate input sanitization and output escaping of user-provided attributes. This allows authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages. These scripts will execute when a user accesses the compromised page. This issue requires RevSlider to also be installed for exploitation.

Recommendations Update to a version later than 8.6.