Cross-site Scripting Vulnerability in Universal Video Player Addon for WPBakery Page Builder
CVE-2025-53559

7.1HIGH

Key Information:

Vendor: WordPress
Status: Universal Video Player - Addon For WPbakery Page Builder
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-53559?

A Cross-site Scripting (XSS) vulnerability exists in the Universal Video Player Addon for WPBakery Page Builder, allowing attackers to inject malicious scripts into web pages. This vulnerability can be exploited by sending crafted requests, which could result in the execution of arbitrary scripts in the user's browser. The impact is particularly concerning as it could lead to unauthorized access to user sessions, data exfiltration, or further exploitation of the web application.

Affected Version(s)

Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1

References

https://patchstack.com/database/wordpress/plugin/lbg-univ...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Jul 3, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)