Missing Authorization in Dastan800 Visual Builder Plugin
CVE-2025-46488

7.1HIGH

Key Information:

Vendor

WordPress
Status
Visual Builder
Vendor
CVE Published:
23 May 2025

What is CVE-2025-46488?

The Dastan800 Visual Builder plugin contains a vulnerability that allows reflected cross-site scripting (XSS) due to missing authorization. This flaw enables attackers to inject malicious scripts that can execute in the context of a user's browser, potentially compromising sensitive information. It affects all versions from 'n/a' up to and including 1.2.2.

Affected Version(s)

Visual Builder <= 1.2.2

References

https://patchstack.com/database/wordpress/plugin/visual-b...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

astra.r3verii (Patchstack Alliance)
.