Medium severity6.5NVD Advisory· Published Jun 4, 2024· Updated Jun 17, 2026
CVE-2024-35653
CVE-2024-35653
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer.This issue affects Visual Composer Website Builder: from n/a through <= 45.8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:visualcomposer:visual_composer_website_builder:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:visualcomposer:visual_composer_website_builder:*:*:*:*:*:wordpress:*:*range: <45.9.0
- (no CPE)range: <=45.8.0
Patches
Vulnerability mechanics
References
2- patchstack.com/database/vulnerability/visualcomposer/wordpress-visual-composer-website-builder-landing-page-builder-custom-theme-builder-maintenance-mode-coming-soon-pages-plugin-45-8-0-cross-site-scripting-xss-vulnerabilitynvdThird Party Advisory
- patchstack.com/database/Wordpress/Plugin/visualcomposer/vulnerability/wordpress-visual-composer-website-builder-landing-page-builder-custom-theme-builder-maintenance-mode-coming-soon-pages-plugin-45-8-0-cross-site-scripting-xss-vulnerabilitynvd
News mentions
0No linked articles in our index yet.