Recommendation – WordPress 5.5.1 Is Fixing Issue That Broke Millions Of Websites
These types of vulnerabilities are described by the way an attacker trying to get control of the browsers of the visitors by using malicious scripts that are placed on the website surreptitiously. The attack is known as Authenticated Stored Cross-Site Scripting Vulnerability. In this vulnerability, the script is placed by the attacker on its own on the website, but the attacker must have the website credentials for attacking.
vc_raw_html, and button using
Affected Page Builder
The issue came to light in July 2020, which WP bakery tried to solve in late August but some of the other problems were still there. The second patch for solving this vulnerability came out in early September which was followed by the final one on September 24, 2020