VYPR

Extensive VC Addons for WPBakery page builder

by WordPress

CVEs (2)

  • CVE-2023-0159HigFeb 13, 2023
    risk 0.56cvss 7.5epss 0.56

    The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file…

  • CVE-2025-14475HigDec 13, 2025
    risk 0.53cvss 8.1epss 0.01

    The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the `extensive_vc_get_module_template_part` function. This is due to insufficient path normalization and validation of the…