Vulnerability Discovered in WPBakery < 6.4.1
https://www.wordfence.comWPBakery WordPress plugin is installed on over 4.3 million sites and is a popular page builder plugin. In versions prior to 6.4.1, there is a vulnerability that made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript in posts.
The issue has been fixed in Version 6.4.1 which is available now from the plugin’s website.