CVE Catalog

CVE-2026-57754

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

The Livemesh Addons for WPBakery Page Builder plugin version 3.9.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in the Contributor functionality. This allows an attacker to inject malicious JavaScript code into the page.

Risk Assessment

The risk involves potential session hijacking, redirection to malicious sites, or theft of sensitive data, which could compromise the organization's security and reputation.

Recommendation

It is recommended to immediately update the Livemesh Addons for WPBakery Page Builder plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS