Visual Composer Website Builder

Vulnerabilities 13Slug visualcomposerLatest version 45.15.0WordPress.org →

Minimum safe version

45.15.0

Update to 45.15.0 or later to address 13 fixable vulnerabilities

Latest available45.15.0 ✓

Medium 6.5

2025-08-14< 45.15.0

CVE-2025-55709

CVE Wordfence EUVD

N/A

2025-05-19< 45.12.0

CVE-2025-48276

CVE Wordfence

N/A

2025-04-22< 45.11.0

WordPress Visual Composer Website Builder Plugin <= 45.10.0 is vulnerable to Cross Site Scripting (XSS)

Patchstack

Medium 5.4

2025-04-22< 45.11.0

CVE-2025-46254

CVE Patchstack Wordfence

Medium 6.5

2024-06-04< 45.9.0

CVE-2024-35653

CVE Patchstack Wordfence

Medium 5.9

2024-03-19< 45.7.0

CVE-2024-27997

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-03-13< 45.7.0

CVE-2023-6880

CVE Wordfence Patchstack WPScan

Medium 5.5

2023-06-07< 27.0

CVE-2020-36722

CVE Patchstack

N/A

2020-05-18< 27.0

Visual Composer <= 26.0 - Multiple Cross-Site Scripting

Wordfence

N/A

< 27.0

Visual Composer < 27.0 - Multiple Authenticated Cross-Site Scripting Issues

WPScan

Medium 5.4

2022-09-06< 45.0.1

CVE-2022-2516

CVE Patchstack Wordfence WPScan

Medium 5.4

2022-09-06< 45.0.1

CVE-2022-2430

CVE Patchstack Wordfence WPScan

N/A

2020-05-18< 27.0

WordPress Visual Composer Website Builder plugin <= 26.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Patchstack