Ultimate Addons for Visual Composer <= 3.16.11 - Authenticated XSS, CSRF, RCE

Affects Plugin

fixed in version 3.16.12

References

URL http://wphutte.com/ultimate-addons-for-visual-composer-v3-16-10-xss-csrf-rce/
URL https://codecanyon.net/item/ultimate-addons-for-visual-composer/6892199

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter WpHutte
Submitter Website http://wphutte.com
Submitter Twitter @wphutte
Views 12057
Verified No
WPVDB ID 8821

Timeline

Publicly Published 2017-05-15 (about 3 years ago)
Added 2017-05-17 (about 3 years ago)
Last Updated 2019-11-01 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin