Skip to main content

Livemesh Addons For Wpbakery Page Builder

1 CVEs product

Monthly

CVE-2026-57754 MEDIUM This Month

Stored Cross-Site Scripting in Livemesh Addons for WPBakery Page Builder versions 3.9.4 and earlier allows authenticated Contributors to inject persistent malicious scripts into WordPress pages. When a higher-privileged user such as an Editor or Administrator views the affected content, the injected script executes in their browser session - enabling session hijacking, credential theft, or privilege escalation within the WordPress admin panel. No public exploit or CISA KEV listing has been identified at time of analysis, but the low-privilege entry point and Changed scope elevate real-world risk for multi-author WordPress installations.

XSS Livemesh Addons For Wpbakery Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored Cross-Site Scripting in Livemesh Addons for WPBakery Page Builder versions 3.9.4 and earlier allows authenticated Contributors to inject persistent malicious scripts into WordPress pages. When a higher-privileged user such as an Editor or Administrator views the affected content, the injected script executes in their browser session - enabling session hijacking, credential theft, or privilege escalation within the WordPress admin panel. No public exploit or CISA KEV listing has been identified at time of analysis, but the low-privilege entry point and Changed scope elevate real-world risk for multi-author WordPress installations.

XSS Livemesh Addons For Wpbakery Page Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy