CVE-2024-1805 in Visual Composer Plugin
Summary
by MITRE • 05/02/2024
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/29/2025
The vulnerability identified as CVE-2024-1805 affects the wpbakery plugin for WordPress, a widely used page builder tool that enables users to create complex web layouts without requiring extensive coding knowledge. This particular flaw exists in all versions up to and including 7.5 of the plugin, representing a significant security risk for WordPress installations that rely on this popular content creation framework. The vulnerability manifests as a stored cross-site scripting issue that occurs when processing button onclick attributes within the plugin's interface, making it particularly dangerous because the malicious scripts persist in the database and execute automatically when affected pages are accessed.
The technical root cause of this vulnerability stems from inadequate input sanitization and output escaping mechanisms within the wpbakery plugin's codebase. Specifically, when administrators or users with contributor-level privileges create or modify content using the plugin's button functionality, the onclick attribute values are not properly validated or escaped before being stored in the WordPress database. This failure to implement proper security controls means that malicious input can be stored as legitimate content and subsequently executed whenever the affected page is rendered. The vulnerability is classified as a stored XSS attack because the malicious script is permanently saved in the application's data store rather than being reflected in a single request, allowing it to affect multiple users over time.
The operational impact of CVE-2024-1805 is substantial for WordPress administrators and website owners who utilize the wpbakery plugin. Attackers with contributor-level access or higher can leverage this vulnerability to inject malicious scripts that could perform various harmful actions including cookie theft, session hijacking, redirecting users to malicious websites, or even executing arbitrary code on vulnerable systems. Since the vulnerability requires only contributor-level privileges, it represents a particularly concerning risk for sites where multiple users have editing capabilities, as a single compromised account could provide attackers with a foothold to execute persistent attacks across the entire user base. The stored nature of the vulnerability means that once a malicious script is injected, it will continue to execute for all users who access the affected pages until the injection is removed or the plugin is updated.
Organizations affected by this vulnerability should immediately implement several mitigation strategies to protect their WordPress installations. The primary and most effective remediation is to update the wpbakery plugin to the latest available version where this vulnerability has been patched. Additionally, administrators should consider implementing strict access controls and limiting contributor privileges to only trusted users who require such permissions. Input validation and output escaping mechanisms should be enhanced through custom code modifications or by implementing additional security layers such as web application firewalls that can detect and block malicious script injections. The vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and it maps to ATT&CK technique T1566.001 which covers social engineering through malicious content injection. Organizations should also conduct thorough security audits of their WordPress installations to identify any other potentially vulnerable plugins or themes that might be susceptible to similar attacks, as this represents a common pattern in web application security vulnerabilities where insufficient sanitization allows malicious code execution.