This vulnerability in Visual Composer Website Builder involves improper input sanitization during the generation of web pages, leading to stored cross-site scripting (XSS). Attackers could inject malicious scripts that persist on the site and execute when other users access the affected content. The vulnerability affects all versions prior to 45.15.0. The CVSS 3.1 vector indicates the attack requires network access, low attack complexity, privileges, and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low and low respectively.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users visiting the affected website, potentially leading to information disclosure, modification of site content, or disruption of service. The impact is rated medium severity based on the CVSS score of 6.5. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with input handling and consider implementing additional input validation or output encoding as temporary mitigations. Monitor official Visual Composer channels for updates regarding patches or fixes.