Critical Security Issues with Visual Composer plugin 4.2.4 and earlier

vclogoThis is an advisory post to let you know of several critical security issues with the very popular Visual Composer plugin by WP Bakery.

Apparently multiple XSS security vulnerabilities were identified in the plugin versions prior to 4.7.4 which was released on the 2nd October.

Envato (the owners of Code Canyon where the plugin is for sale) have been working with the plugin developers who have addressed all identified vulnerabilities in version 4.7.4 and later. They have also undertaken a code audit to ensure security of the plugin.

So what does this mean for you?

Please login to your WordPress site and visit the Plugins section to see if you have the WPBakery Visual Composer plugin installed.

If you do check the version is at least 4.7.4. If you have a version older than this then please run an update (if available and please ensure you backup your site files and database first). If you do not have an update option instructions on how to update Visual Composer can be found on the WPBakery website.


If you do not have a licence or seem to have a way to update please contact the person that developed the site for you to get them to apply an update. If you are having trouble or built the site yourself and are not sure what to do please feel free to contact us on (02) 8097 7957.