Visual Composer < 27.0 - Multiple Authenticated Cross-Site Scripting Issues



Description
Jerome Braundet from NinTechNet, discovered multiple Stored Cross-Site Scripting issues, which could allow users with the contributor and above roles to inject arbitrary JavaScript in the blog.

Affects Plugin

fixed in version 27.0

References

URL https://blog.nintechnet.com/multiple-xss-vulnerabilities-fixed-in-wordpress-visual-composer-plugin/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Jerome Bruandet (NinTechNet)
Views 749
Verified No
WPVDB ID 10229

Timeline

Publicly Published 2020-05-18 (8 days ago)
Added 2020-05-18 (7 days ago)
Last Updated 2020-05-19 (6 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin