ReportizFlow
Filtered by vendor Hasthemes
Subscriptions
Filtered by product Wc Builder
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14054 | 3 Hasthemes, Woocommerce, Wordpress | 3 Wc Builder, Woocommerce, Wordpress | 2025-12-24 | 4.4 Medium |
| The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'heading_color' parameter (and multiple other styling parameters) of the `wpbforwpbakery_product_additional_information` shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
Page 1 of 1.