PT-2025-52574 · Unknown+2 · Woocommerce+2
Djaidja Moundjid
·
Published
2025-12-21
·
Updated
2025-12-21
·
CVE-2025-14054
CVSS v3.1
4.4
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WC Builder – WooCommerce Page Builder for WPBakery plugin versions prior to 1.2.1
Description
The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress contains a Stored Cross-Site Scripting issue. Insufficient input sanitization and output escaping in the
wpbforwpbakery product additional information shortcode allows authenticated attackers, with Shop Manager-level access or higher, to inject malicious web scripts into pages. These scripts will execute when a user accesses the compromised page. The vulnerability is present due to the lack of proper handling of the heading color parameter, as well as multiple other styling parameters.Recommendations
Update WC Builder – WooCommerce Page Builder for WPBakery plugin to version 1.2.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wc Builder – Woocommerce Page Builder For Wpbakery
Wpbakery
Woocommerce