Home Forums WoodMart support forum security vulnerability in the plugin WPBackery <=8.5

security vulnerability in the plugin WPBackery <=8.5

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • August 5, 2025 at 9:03 pm #678175

    Leoria
    Participant

    Hello,

    according to WordFence there is a security vulnerability in the plugin WPBackery <=8.5.

    “WPBakery Page Builder for WordPress <= 8.5 – Authenticated (Contributor+) Stored Cross-Site Scripting
    The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to stored cross-site scripting via multiple shortcodes in all versions up to and including 8.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with access to the contributor level and above to inject arbitrary web scripts into pages that are executed as soon as a user accesses an injected page.”

    Even after updating to the latest Woodmart theme 8.2.7, we could not find an update for WPBakery.

    When will the updated version (8.6 or 8.6.1) of WPBakery be made available by you?

    Best regards
    Aram

    August 6, 2025 at 9:21 am #678205

    Artem Temos
    Keymaster

    Hello,

    Thank you for contacting us. We have updated the plugin on our server. You should be able to update it now via WoodMart -> Plugins. Or download the latest version and update the plugin manually https://xtemos.com/my-account/

    Kind Regards

    August 6, 2025 at 3:42 pm #678344

    Leoria
    Participant

    Hello,

    Thank you for your prompt response.
    There is no update available yet via WoodMart -> Plugins, but we were able to download and install the plugin in our account.

    Please feel free to close the ticket.

    Best regards

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)