🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Live Composer – Free WordPress Website Builder

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Live Composer – Free WordPress Website Builder

Information

Software Type	Plugin
Software Slug	live-composer-page-builder (view on wordpress.org)
Software Status	Active
Software Author	livecomposer
Software Website	www.livecomposerplugin.com
Software Downloads	1,433,194
Software Active Installs	10,000
Software Record Last Updated	July 26, 2024

8 Vulnerabilities

Page Builder: Live Composer <= 1.5.42 - Authenticated (Contributor+) PHP Object Injection

7.5

CVE-2024-35780

Jun 19, 2024

Researcher: LVT-tholv2k

Page Builder: Live Composer <= 1.5.42 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-35779

Jun 19, 2024

Researcher: LVT-tholv2k

Page Builder: Live Composer <= 1.5.46 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2024-35768

Jun 18, 2024

Researcher: Phill Sav (Savphill)

Page Builder: Live Composer <= 1.5.38 - Missing Authorization

4.3

CVE-2024-32957

Apr 23, 2024

Researcher: Phill Sav (Savphill)

Page Builder: Live Composer <= 1.5.35 - Cross-Site Request Forgery

4.3

CVE-2024-31933

Apr 10, 2024

Researcher: Brandon James Roldan (tomorrowisnew)

Page Builder: Live Composer <= 1.5.25 - Authenticated (Author+) PHP Object Injection

8.8

CVE-2023-52206

Jan 3, 2024

Researcher: Le Ngoc Anh

Page Builder: Live Composer <= 1.5.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52193

Jan 3, 2024

Researcher: Ngô Thiên An (ancorn_)

Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4669

Jan 24, 2023

Researcher: István Márton

Title	Status	CVE ID	CVSS	Researchers	Date
Page Builder: Live Composer <= 1.5.42 - Authenticated (Contributor+) PHP Object Injection	Patched	CVE-2024-35780	7.5	LVT-tholv2k	June 19, 2024
Page Builder: Live Composer <= 1.5.42 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-35779	6.4	LVT-tholv2k	June 19, 2024
Page Builder: Live Composer <= 1.5.46 - Authenticated (Author+) Stored Cross-Site Scripting	Unpatched	CVE-2024-35768	6.4	Phill Sav (Savphill)	June 18, 2024
Page Builder: Live Composer <= 1.5.38 - Missing Authorization	Patched	CVE-2024-32957	4.3	Phill Sav (Savphill)	April 23, 2024
Page Builder: Live Composer <= 1.5.35 - Cross-Site Request Forgery	Patched	CVE-2024-31933	4.3	Brandon James Roldan (tomorrowisnew)	April 10, 2024
Page Builder: Live Composer <= 1.5.25 - Authenticated (Author+) PHP Object Injection	Patched	CVE-2023-52206	8.8	Le Ngoc Anh	January 3, 2024
Page Builder: Live Composer <= 1.5.23 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2023-52193	6.4	Ngô Thiên An (ancorn_)	January 3, 2024
Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	Patched	CVE-2022-4669	6.4	István Márton	January 24, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation