VYPR
Vendor

Live Composer

Products
2
CVEs
8
Across products
9
Status
Private

Products

2

Recent CVEs

8
  • CVE-2026-1426HigFeb 18, 2026
    risk 0.50cvss 8.8epss 0.00

    The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible…

  • CVE-2024-35780HigJun 19, 2024
    risk 0.48cvss 8.5epss 0.00

    Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.

  • CVE-2025-68598MedDec 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.1.13.

  • CVE-2025-14071HigDec 21, 2025
    risk 0.42cvss 7.5epss 0.01

    The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated…

  • CVE-2024-35768MedJun 21, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows DOM-Based XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.1.11.

  • CVE-2025-13537MedDec 17, 2025
    risk 0.35cvss 6.4epss 0.00

    The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on…

  • CVE-2024-32957MedApr 26, 2024
    risk 0.31cvss 4.7epss 0.00

    Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38.

  • CVE-2024-35779Jun 21, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.