Stored Cross-Site Scripting in WPBakery Page Builder Plugin by Simple Pricing Tables
CVE-2024-13582
5.4 MEDIUM
Key Information:
- Vendor: Labibahmed42
- Status
- Simple Pricing Tables For WPbakery Page Builder(formerly Visual Composer)
- Vendor
- CVE Published: 18 February 2025
Summary
The Simple Pricing Tables For WPBakery Page Builder plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability. The issue arises from inadequate input sanitization and output escaping in the handling of the 'wdo_simple_pricing_table_free' shortcode, in all versions up to and including 1.0. Authenticated attackers with contributor-level access can exploit this vulnerability to inject malicious scripts into pages; the scripts execute when users access the affected content. Proper security measures must be taken to mitigate the risk of exploitation.
Affected Version(s)
Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) * <= 1.0
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Peter Thaleikis