CVE-2024-2079 in WPBakery Page Builder Addons Plugininfo

Summary

by MITRE • 03/14/2024

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/07/2025

The vulnerability identified as CVE-2024-2079 affects the WPBakery Page Builder Addons plugin by Livemesh, a popular WordPress plugin used for creating custom page layouts and elements. This plugin integrates with the WPBakery Page Builder to extend its functionality with additional features and shortcodes. The vulnerability specifically resides in the 'per_line_mobile' shortcode implementation, which is designed to control mobile display settings for page elements. The issue impacts all versions of the plugin up to and including version 3.8.1, making it a significant concern for WordPress site administrators who rely on this plugin for their website development needs.

The technical flaw stems from inadequate input sanitization and output escaping mechanisms within the plugin's codebase. When users input data through the 'per_line_mobile' shortcode attributes, the plugin fails to properly validate or sanitize this user-supplied content before processing it. This insufficient sanitization creates a pathway for malicious actors to inject malicious scripts that can persist within the plugin's data storage. The vulnerability is classified as stored cross-site scripting because the malicious code is stored on the server and executed whenever affected pages are accessed by other users, rather than requiring immediate interaction with a malicious link.

The operational impact of this vulnerability is particularly concerning given the permission level required to exploit it. Attackers need only contributor-level access or higher to successfully inject malicious scripts, which represents a relatively low barrier to entry in most WordPress environments. Contributors typically have the ability to create and edit posts and pages, making this attack vector particularly dangerous in multi-user WordPress installations where contributors may have access to sensitive content creation features. When successful, the stored XSS attack allows attackers to execute arbitrary web scripts in the context of affected users' browsers, potentially leading to session hijacking, data theft, or further exploitation of the compromised systems.

The vulnerability aligns with CWE-79 which defines Cross-Site Scripting as a weakness that occurs when an application includes untrusted data in a new web page without proper validation or escaping, or when it reuses a plain text string that should have been a parameter or variable. From an ATT&CK perspective, this vulnerability maps to T1566.001 - Phishing via Social Media, as attackers could potentially use this vulnerability to deliver malicious payloads through compromised contributor accounts, and T1548.001 - Abuse of Functionality, where the legitimate plugin functionality is being exploited for malicious purposes. The attack chain typically involves an attacker with contributor privileges creating a malicious page or post containing the XSS payload, which then executes whenever other users view the affected content, potentially leading to broader compromise of the WordPress installation or user sessions.

Organizations should immediately update to the latest version of the WPBakery Page Builder Addons plugin to remediate this vulnerability, as no patches or workarounds are available for the affected versions. Administrators should also implement strict monitoring of user activities, particularly for users with contributor privileges, and consider implementing additional security measures such as content security policies to mitigate potential impact. Regular security audits of installed WordPress plugins should be conducted to identify similar vulnerabilities, and user permission levels should be carefully managed to limit the potential damage from compromised accounts. The vulnerability underscores the importance of maintaining up-to-date WordPress plugins and the critical need for proper input validation and output escaping in web applications to prevent XSS attacks.

Responsible

Wordfence

Reservation

03/01/2024

Disclosure

03/14/2024

Moderation

accepted

CPE

ready

EPSS

0.00320

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!