VYPR

Live Composer

by Live Composer

CVEs (3)

  • CVE-2026-1426HigFeb 18, 2026
    risk 0.50cvss 8.8epss 0.00

    The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible…

  • CVE-2025-14071HigDec 21, 2025
    risk 0.42cvss 7.5epss 0.01

    The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated…

  • CVE-2025-13537MedDec 17, 2025
    risk 0.35cvss 6.4epss 0.00

    The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on…