Livemesh Addons For Wpbakery Page Builder
Monthly
Stored Cross-Site Scripting in Livemesh Addons for WPBakery Page Builder versions 3.9.4 and earlier allows authenticated Contributors to inject persistent malicious scripts into WordPress pages. When a higher-privileged user such as an Editor or Administrator views the affected content, the injected script executes in their browser session - enabling session hijacking, credential theft, or privilege escalation within the WordPress admin panel. No public exploit or CISA KEV listing has been identified at time of analysis, but the low-privilege entry point and Changed scope elevate real-world risk for multi-author WordPress installations.
Stored Cross-Site Scripting in Livemesh Addons for WPBakery Page Builder versions 3.9.4 and earlier allows authenticated Contributors to inject persistent malicious scripts into WordPress pages. When a higher-privileged user such as an Editor or Administrator views the affected content, the injected script executes in their browser session - enabling session hijacking, credential theft, or privilege escalation within the WordPress admin panel. No public exploit or CISA KEV listing has been identified at time of analysis, but the low-privilege entry point and Changed scope elevate real-world risk for multi-author WordPress installations.