CVE-2025-11161 | WPBakery Page Builder Plugin up to 8.6.1 on WordPress vc_custom_heading font_container cross site scripting

Full Article URL: https://vuldb.com/?id.328516
Textarea URL (this page): <a href="https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzayMDU0AwCQQgj4_2025-10-14">https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzayMDU0AwCQQgj4_2025-10-14
Source: https://vuldb.com/?rss.recent
Vuldb: https://vuldb.com
Publication date: 2025-10-14 20:42:49
Last retrieval: 2025-10-15 06:45:47.734064

20:42 - 14 Oct 2025

vuldb.com

A vulnerability was found in WPBakery Page Builder Plugin up to 8.6.1 on WordPress. It has been classified as problematic. Affected by this vulnerability is the function vc_custom_heading. Performing manipulation of the argument font_container results in cross site scripting. This vulnerability is known as CVE-2025-11161. Remote exploitation of the attack is possible. No exploit is available.

https://vuldb.com/?id.328516

Article info: