๐Ÿ” CVE Alert

CVE-2025-2573

MEDIUM 6.4

Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

CVSS Score
6.4
EPSS Score
0.0%
EPSS Percentile
0th

The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CWE CWE-79
Vendor zia420
Product amazing service box addons for wpbakery page builder (formerly visual composer)
Published Mar 26, 2025
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for zia420 amazing service box addons for wpbakery page builder (formerly visual composer)

Be the first to know when new medium vulnerabilities affecting zia420 amazing service box addons for wpbakery page builder (formerly visual composer) are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

zia420 / Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer)
0 โ‰ค 2.0.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f6ce4d-6ca5-4a62-ae84-9dd190fc0392?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/amazing-service-box-visual-composer-addons/trunk/asb_addon.php#L114 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/amazing-service-box-visual-composer-addons/trunk/asb_addon.php#L45 wordpress.org: https://wordpress.org/plugins/amazing-service-box-visual-composer-addons/#developers

Credits

Avraham Shemesh