Cross-site Scripting Vulnerability in WPBakery Visual Composer WHMCS Elements by Voidcoders
CVE-2025-68574

Currently unrated

Key Information:

Vendor

WordPress
Status
WPbakery Visual Composer Whmcs Elements
Vendor
CVE Published:
24 December 2025

What is CVE-2025-68574?

A Cross-site Scripting vulnerability exists in the WPBakery Visual Composer WHMCS Elements plugin, allowing attackers to inject malicious scripts into web pages. This issue allows for DOM-Based XSS, potentially compromising the security of users interacting with affected web pages. The vulnerability impacts versions up to and including 1.0.4.3, highlighting the importance of updating to secure versions to protect against such threats.

Affected Version(s)

WPBakery Visual Composer WHMCS Elements <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/void...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68574 : Cross-site Scripting Vulnerability in WPBakery Visual Composer WHMCS Elements by Voidcoders