Vulnerabilities > Visualcomposer > Visual Composer Website Builder > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2024-35653 | Unspecified vulnerability in Visualcomposer Visual Composer Website Builder Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in visualcomposer.Com Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.8.0. | 5.4 |
| 2024-03-13 | CVE-2023-6880 | Cross-site Scripting vulnerability in Visualcomposer Visual Composer Website Builder The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-06-07 | CVE-2020-36722 | Cross-site Scripting vulnerability in Visualcomposer Visual Composer Website Builder The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. | 4.8 |
| 2022-09-06 | CVE-2022-2430 | Cross-site Scripting vulnerability in Visualcomposer Visual Composer Website Builder The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2022-09-06 | CVE-2022-2516 | Cross-site Scripting vulnerability in Visualcomposer Visual Composer Website Builder The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. | 5.4 |