CVE-2021-24243

An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Configurations

Configuration 1

cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:*:*:*:*:*:wordpress:*:*

Information

Published : 2021-05-06 01:15

Updated : 2021-05-13 05:40


NVD link : CVE-2021-24243

Mitre link : CVE-2021-24243

Products Affected
No products.
CWE