Visualcomposer Visual Composer Website Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Visualcomposer Visual Composer Website Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-35653 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer…
CVE-2025-46254 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer…
CVE-2022-2430 — CVSS 6.4 (medium): The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in…
CVE-2022-2516 — CVSS 6.4 (medium): The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in…
CVE-2020-36722 — CVSS 5.5 (medium): The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient…