CVE-2024-27997 MEDIUM

CVE-2024-27997: WordPress Visual Composer plugin <= 45.6.0 - Cross Site Scripting (XSS) vulnerability

Vendor Visual Composer
Product Visual Composer Website Builder
Weakness CWE-79 · XSS
Published March 19, 2024
Last update May 11, 2026
View on NVD All CVEs

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer.This issue affects Visual Composer Website Builder: from n/a through <= 45.6.0.

Key dates

02Disclosure timeline

March 19, 2024 CVE published
May 11, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-30871 WordPress Stock Exporter for WooCommerce Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-8589 Reflected XSS in AKCE Software's SKSPro CVE-2026-27240 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2022-36428 WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability CVE-2024-4373 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-site Scriping via 'Sina Particle Layer'