CVE-2026-57780
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-57780, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through <= 0.22.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
envision envision_page_builder to 0.22 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57780 is a Cross-Site Scripting (XSS) vulnerability in the WordPress Envision Page Builder Plugin, affecting versions up to and including 0.22.

This vulnerability occurs due to improper neutralization of input during web page generation, specifically a DOM-Based XSS issue.

It requires a privileged user, such as a Contributor or Developer, to perform an action like clicking a malicious link or submitting a form for the exploit to succeed.

If exploited, attackers can inject malicious scripts into the website, which execute when visitors access the site.

Impact Analysis

Exploitation of this vulnerability can allow attackers to inject malicious scripts into your website.

  • These scripts could perform unwanted actions such as redirecting visitors to malicious sites or displaying unauthorized advertisements.
  • Because the vulnerability requires a privileged user to trigger it, insider threats or compromised accounts increase risk.

The overall severity is considered low with a CVSS score of 6.5, but such XSS vulnerabilities are often targeted in mass-exploit campaigns affecting many websites.

As of the report date, no official patch is available, so immediate mitigation actions like updating the plugin or consulting a web developer are recommended.

Mitigation Strategies

Immediate action is recommended to mitigate this vulnerability since there is no official patch available yet.

  • Update the Envision Page Builder plugin to a version higher than 0.22 once a patch is released.
  • Seek assistance from your hosting provider or a web developer to implement temporary mitigations or workarounds.
  • Limit privileged user actions such as clicking unknown links or submitting untrusted forms to reduce exploitation risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57780. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart