VYPR
Medium severity6.4NVD Advisory· Published Nov 16, 2020· Updated Jun 17, 2026

CVE-2020-28650

CVE-2020-28650

Description

The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.