| CVE-2026-3480 | WP Blockade <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter | burlingtonbytes | WP Blockade – Visual Page Builder | Medium | 6.5 | 2026-04-08 06:43:39 | Deep Dive |
| CVE-2025-69390 | WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | themebon | Business Template Blocks for WPBakery (Visual Composer) Page Builder | - | - | 2026-02-20 15:46:55 | Deep Dive |
| CVE-2025-30631 | WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Cross Site Scripting (XSS) Vulnerability | AA-Team | Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) | High | 7.1 | 2026-01-06 20:30:34 | Deep Dive |
| CVE-2025-30628 | WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) plugin <= 1.2 - SQL Injection Vulnerability | AA-Team | Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) | High | 8.5 | 2025-12-31 20:03:50 | Deep Dive |
| CVE-2025-14119 | App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | themebon | App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | Medium | 6.4 | 2025-12-12 03:20:46 | Deep Dive |
| CVE-2025-8605 | Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block | codeyatri | Gutenify – Visual Site Builder Blocks & Site Templates. | Medium | 6.4 | 2025-11-18 08:27:34 | Deep Dive |
| CVE-2025-55709 | WordPress Visual Composer Website Builder Plugin < 45.15.0 - Cross Site Scripting (XSS) Vulnerability | Visual Composer | Visual Composer Website Builder | Medium | 6.5 | 2025-08-14 18:21:31 | Deep Dive |
| CVE-2025-6572 | OpenStreetMap for Gutenberg and WPBakery Page Builder <= 1.2.0 - Contributor+ Stored XSS | Unknown | OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) | 中危 | - | 2025-08-08 06:00:04 | Deep Dive |
| CVE-2025-46488 | WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability | dastan800 | Visual Builder | High | 7.1 | 2025-05-23 12:43:41 | Deep Dive |
| CVE-2025-48276 | WordPress Visual Composer Website Builder plugin <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability | Visual Composer | Visual Composer Website Builder | Medium | 6.5 | 2025-05-19 14:45:26 | Deep Dive |
| CVE-2025-46254 | WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability | Visual Composer | Visual Composer Website Builder | Medium | 6.5 | 2025-04-22 09:53:36 | Deep Dive |
| CVE-2025-2573 | Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | zia420 | Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) | Medium | 6.4 | 2025-03-26 02:23:49 | Deep Dive |
| CVE-2024-13592 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Local File Inclusion | labibahmed42 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) | High | 7.5 | 2025-02-19 07:32:15 | Deep Dive |
| CVE-2024-13591 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | labibahmed42 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) | Medium | 6.4 | 2025-02-19 07:32:14 | Deep Dive |
| CVE-2024-13582 | Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | labibahmed42 | Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) | Medium | 6.4 | 2025-02-18 04:21:21 | Deep Dive |
| CVE-2025-0859 | Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.5 | 2025-02-06 09:21:18 | Deep Dive |
| CVE-2024-10175 | Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wdo_pricing_tables Shortcode | labibahmed42 | Pricing Tables For WPBakery Page Builder (formerly Visual Composer) | Medium | 6.4 | 2024-11-27 06:41:29 | Deep Dive |
| CVE-2024-6848 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.4 | 2024-07-20 11:18:28 | Deep Dive |
| CVE-2024-35653 | WordPress Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin <= 45.8.0 - Cross Site Scripting (XSS) vulnerability | Visual Composer | Visual Composer Website Builder | Medium | 6.5 | 2024-06-04 14:11:23 | Deep Dive |
| CVE-2024-4400 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.4 | 2024-05-16 11:05:29 | Deep Dive |