CVE-2023-46211
WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Cross Site Scripting (XSS)Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.
We have discovered 95,580 live websites that are affected by CVE-2023-46211.
Affected Software
| Product |  Visual Composer Ultimate Addons |
| Category | Widgets |
| Vulnerable Domains | 95,580 live websites (64.64% of Visual Composer Ultimate Addons install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 87 versions ( 83.65% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Oct 27, 2023
- Updated - Sep 6, 2024
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
CVE-2023-46211 usage by Country
 United States | 29,966 websites |
 Germany | 11,568 websites |
 France | 6,332 websites |
 GB | 3,904 websites |
 Spain | 3,267 websites |
 Italy | 3,244 websites |
 Russia | 3,184 websites |
 Netherlands | 2,535 websites |
 Poland | 2,225 websites |
 Australia | 1,846 websites |
CVE-2023-46211 usage by TLD
| .com | 39,262 websites |
| .de | 5,509 websites |
| .org | 3,161 websites |
| .co.uk | 2,906 websites |
| .it | 2,902 websites |
| .ru | 2,548 websites |
| .nl | 2,379 websites |
| .com.au | 2,264 websites |
| .fr | 2,057 websites |
| .com.br | 1,991 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-46211
Top websites that are affected by CVE-2023-46211. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.com | United States | **,*** | |
| *******.de | Germany | **,*** | |
| **********.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| ***.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| **************************.pt |  Portugal | **,*** |
FAQ
CVE-2023-46211 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Visual Composer Ultimate Addons
A total of 95,580 websites have been identified as vulnerable to CVE-2023-46211, discovered through global website indexing conducted by WebTechSurvey.
Visual Composer Ultimate Addons is susceptible to CVE-2023-46211 vulnerability.
Visual Composer Ultimate Addons versions before, and including, 3.19.14 are vulnerable to CVE-2023-46211.