WPBakery Page Builder Template Block Vulnerability

MEDIUM (6.4) No Patch (2 days)
cwe-79page-builderphpvulnerability-typewordpresswpbakery-plugin

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 7%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The App Landing Template Blocks for WPBakery (Visual Composer) Page Builder plugin is a WordPress extension used to create custom page templates. The vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which can execute when accessed.

Am I affected?

Specific version info not stated in the advisory.

Affected Products

Automattic / WPBakery Page Builder

How to fix

Upgrade to WPBakery Page Builder version 2.0.3 or later: https://wordpress.org/plugins/wp-bakery-page-builder/
- Immediate mitigations:
- Restrict contributor-level access (if applicable)
- Monitor for suspicious template modifications

References