Skip to main content

Envision Page Builder

1 CVEs product

Monthly

CVE-2026-57780 MEDIUM This Month

DOM-Based Cross-Site Scripting in the Envision Page Builder WordPress plugin (versions through 0.22) allows low-privileged authenticated attackers to inject and execute malicious JavaScript in victim browsers via unsanitized page builder input. The scope change (S:C) in the CVSS vector confirms the payload escapes the plugin's own context and can affect the broader WordPress environment, including the admin panel. No public exploit code or active exploitation has been identified at time of analysis, but the stored-or-reflected DOM injection path makes this a realistic avenue for session hijacking or privilege escalation within WordPress installations.

XSS Envision Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

DOM-Based Cross-Site Scripting in the Envision Page Builder WordPress plugin (versions through 0.22) allows low-privileged authenticated attackers to inject and execute malicious JavaScript in victim browsers via unsanitized page builder input. The scope change (S:C) in the CVSS vector confirms the payload escapes the plugin's own context and can affect the broader WordPress environment, including the admin panel. No public exploit code or active exploitation has been identified at time of analysis, but the stored-or-reflected DOM injection path makes this a realistic avenue for session hijacking or privilege escalation within WordPress installations.

XSS Envision Page Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy