OpenStreetMap for Gutenberg and WPBakery Page Builder

5.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Description

The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Basic Information

ID CVE-2025-6572

Source WPScan

Published Aug 8, 2025 at 06:00

Modified Aug 8, 2025 at 18:06

Affected Product

Vendor Unknown

Product OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)

Affected Versions Unknown OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) 0

CWE Classification

References

wpscan.com /vulnerability/58c7a8ac-1acd-45b7-abe5-5635fbb5d4c1/

{
    "lastseen": "",
    "description": "The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",
    "published": "2025-08-08T06:00:04.313Z",
    "modified": "2025-08-08T18:06:09.215Z",
    "type": "cve",
    "title": "OpenStreetMap for Gutenberg and WPBakery Page Builder <= 1.2.0 - Contributor+ Stored XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/58c7a8ac-1acd-45b7-abe5-5635fbb5d4c1/",
    "id": "CVE-2025-6572",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OpenStreetMap for Gutenberg and WPBakery Page Builder <= 1.2.0 - Contributor+ Stored XSS_CVE-2025-6572