CVE-2025-48276

May 19, 2025 invoker category_cve

CVE Details

Basic Information

Title	CVE-2025-48276
Type	cve
Published	2025-05-19T15:15:31
Last Seen	2025-05-19T15:18:33

CVSS Information

Base Score	6.5 (MEDIUM)
Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	REQUIRED
Scope	CHANGED
Confidentiality Impact	LOW
Integrity Impact	LOW
Availability Impact	LOW

AI Analysis

AI Description	A stored XSS vulnerability in Visual Composer allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions and data theft.
AI Severity	Medium
Vendor	WordPress Community
Product	Visual Composer Website Builder
Affected Version	Unknown

Additional Information

CVE List	CVE-2025-48276
CWE List	CWE-79
Bulletin Family	cve

Description

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website…

CVSS Score Summary

Base Score: %!f(string=#) (MEDIUM)

View Full CVE Details