Skip to main content

Wpbakery Page Builder

2 CVEs product

Monthly

CVE-2026-45436 MEDIUM This Month

Broken access control in WPBakery Page Builder (versions ≤ 8.7.2) allows subscriber-level authenticated WordPress users to invoke privileged functionality without proper authorization checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) confirms this is network-exploitable with low complexity and high integrity impact, meaning authenticated low-privilege users can perform content or administrative actions restricted to higher roles such as editor or administrator. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV, but WPBakery Page Builder's broad WordPress deployment footprint makes this a real remediation priority for sites with open user registration.

Authentication Bypass Wpbakery Page Builder WPBakery Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5708 MEDIUM This Month

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wpbakery Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in WPBakery Page Builder (versions ≤ 8.7.2) allows subscriber-level authenticated WordPress users to invoke privileged functionality without proper authorization checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) confirms this is network-exploitable with low complexity and high integrity impact, meaning authenticated low-privilege users can perform content or administrative actions restricted to higher roles such as editor or administrator. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV, but WPBakery Page Builder's broad WordPress deployment footprint makes this a real remediation priority for sites with open user registration.

Authentication Bypass Wpbakery Page Builder WPBakery Page Builder
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wpbakery Page Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy