WordPress Live Composer plugin <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
PHP Object Injection
Score:
8.8
Fixed in Version 2.0.3

Timeline

Publicly Published
2025-12-31
Created
2025-12-31

WordPress Page Builder: Live Composer plugin <= 2.1.16 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
No Fix Available

Timeline

Publicly Published
2025-12-22
Created
2025-12-24

WordPress Live Composer – Free WordPress Website Builder plugin <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.0.3

Timeline

Publicly Published
2025-12-17
Created
2025-12-17

WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
PHP Object Injection
Score:
8.5
Fixed in Version 1.5.43

Timeline

Publicly Published
2024-06-19
Created
2024-06-19

WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 1.5.43

Timeline

Publicly Published
2024-06-19
Created
2024-06-19

WordPress Page Builder: Live Composer plugin <= 2.1.16 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
5.9
No Fix Available

Timeline

Publicly Published
2024-06-18
Created
2024-06-18

WordPress Page Builder: Live Composer plugin <= 1.5.38 - Broken Access Control vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Broken Access Control
Score:
4.7
Fixed in Version 1.5.39

Timeline

Publicly Published
2024-04-23
Created
2024-04-23

WordPress Page Builder: Live Composer plugin <= 1.5.35 - Cross Site Request Forgery (CSRF) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Request Forgery (CSRF)
Score:
5.4
Fixed in Version 1.5.36

Timeline

Publicly Published
2024-04-10
Created
2024-04-10

WordPress Page Builder: Live Composer plugin <= 1.5.25 - PHP Object Injection vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
PHP Object Injection
Score:
7.7
Fixed in Version 1.5.29

Timeline

Publicly Published
2024-01-03
Created
2024-01-03

WordPress Page Builder: Live Composer plugin <= 1.5.23 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 1.5.24

Timeline

Publicly Published
2024-01-03
Created
2024-01-03

WordPress Page Builder: Live Composer Plugin <= 1.5.22 - Contributor+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 1.5.23

Timeline

Publicly Published
2023-01-24
Created
2023-02-28