Every CVE whose affected-product data names Wpbakery Page Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2024-5709 — CVSS 8.8 (high): The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the…
CVE-2024-43953 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcodingplace Classic Addons –…
CVE-2024-1841 — CVSS 6.4 (medium): The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and…
CVE-2024-1842 — CVSS 6.4 (medium): The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to…
CVE-2025-10006 — CVSS 6.4 (medium): The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rev_slider_vc' shortcode in…
CVE-2025-11160 — CVSS 6.4 (medium): The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to…
CVE-2025-11161 — CVSS 6.4 (medium): The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all…
CVE-2025-4965 — CVSS 6.4 (medium): The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder…
CVE-2025-4968 — CVSS 6.4 (medium): The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder…
CVE-2020-28650 — CVSS 6.4 (medium): The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS…
CVE-2025-7502 — CVSS 6.4 (medium): The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all…
CVE-2024-1805 — CVSS 6.4 (medium): The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and…
CVE-2024-1840 — CVSS 6.4 (medium): The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and…