What the vulnerability does
01Description
Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.
Explanation of Vulnerability in Simple Terms
Livemesh Addons for WPBakery Page Builder versions up to 3.9.4 contain a cross-site scripting vulnerability. An authenticated user with low privileges can inject malicious scripts that execute in other users' browsers when they view affected pages. The vulnerability requires user interaction and can affect site visitors across the application.
What an attacker can do
Inject malicious scripts that run in other users' browsers to steal data or perform actions on their behalf.
Potential impact on your site
Authenticated users can inject scripts affecting other visitors; site reputation and visitor data at risk if exploited.
Conditions required to exploit
Attacker needs a low-privilege WordPress account and must trick a site visitor into viewing a page containing the malicious payload.
Key dates
External resources
Related vulnerabilities