Vulnerability Details CVE-2021-24243
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.7%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-24243
-
cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:4.5.0
-
cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:4.5.1
-
cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:4.5.2
-
cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:4.5.3
-
cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:4.5.4
-
cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:4.5.5