PatchSiren cyber security CVE debrief
CVE-2026-57780 Plugin Envision CVE debrief
CVE-2026-57780 is a DOM-Based XSS vulnerability in Envision Page Builder, a plugin for WordPress. The issue affects Envision Page Builder versions from n/a through <= 0.22. This vulnerability allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. Users of Envision Page Builder should be aware of this vulnerability and take necessary steps to mitigate it.
- Vendor
- Plugin Envision
- Product
- Envision Page Builder
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Envision Page Builder versions from n/a through <= 0.22 should be aware of this DOM-Based XSS vulnerability. Operators, administrators, and security teams responsible for maintaining WordPress installations with Envision Page Builder should review the vulnerability details and take necessary steps to mitigate the risk.
Technical summary
CVE-2026-57780 is a DOM-Based XSS vulnerability in Envision Page Builder. The vulnerability allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. This issue affects Envision Page Builder versions from n/a through <= 0.22. Users should verify the version of Envision Page Builder in use and apply the latest patch or update to version 0.23 or later.
Defensive priority
Medium priority due to the CVSS score of 6.5. Given the potential impact of DOM-Based XSS vulnerabilities, defenders should prioritize verification of Envision Page Builder versions and apply patches or mitigations as soon as possible.
Recommended defensive actions
- Inventory and verify the version of Envision Page Builder in use.
- Apply the latest patch or update to version 0.23 or later.
- Implement compensating controls such as web application firewalls or intrusion detection systems.
- Monitor for suspicious activity or anomalies in web application logs.
- Review and update asset inventory to track affected systems.
- Plan and schedule remediation through normal change control.
- Verify and document exception handling and retesting of remediated assets.
Evidence notes
Evidence is limited; primary official records indicate a DOM-Based XSS vulnerability in Envision Page Builder versions from n/a through <= 0.22. The CVE record was published on 2026-07-13T10:16:42.050Z and has not been modified since then. Defenders should verify the version of Envision Page Builder in use and review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Official resources
-
CVE-2026-57780 CVE record
CVE.org
-
CVE-2026-57780 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:42.050Z and has not been modified since then.