WordPress: Stored XSS via Grid Builder in WPBakery Page Builder Plugin - Proactive Insights and Support For Open-Source Applications

In WPBakery Page Builder plugin for WordPress versions up to and including 8.4.1 a medium severity vulnerability CVE-2025-4965 was detected. This vulnerability allows authenticated attackers with Author-level access and above to perform Stored Cross-Site Scripting (XSS) attacks via the Grid Builder feature due to insufficient input sanitization and output escaping on user-supplied attributes. To address this issue, users should upgrade WPBakery Page Builder plugin to versions 8.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4965.