What is CVE-2026-24594?

CVE-2026-24594 is a medium-severity Cross-site Scripting (XSS) vulnerability affecting Livemesh Addons for WPBakery Page Builder. Organizations using affected versions should address this vulnerability as it may lead to stored XSS attacks.

What is the severity of CVE-2026-24594?

CVE-2026-24594 has a severity rating of MEDIUM with a CVSS base score of 5.9.

CVE-2026-24594 | Medium Vulnerability in Livemesh Addons for WPBakery Page Builder

CVE-2026-24594 is a medium-severity vulnerability classified as an improper neutralization of input during web page generation, commonly known as Cross-site Scripting (XSS). This vulnerability allows attackers to exploit the Livemesh Addons for WPBakery Page Builder, specifically affecting versions up to and including 3.9.4. The vulnerability was published on January 23, 2026, and has been labeled with a CVSS score of 5.9, indicating a medium level of risk.

The potential impact of this vulnerability is significant, as it enables stored XSS, which means that malicious scripts can be stored on the server and executed when users access the affected web pages. This type of attack can lead to unauthorized actions being performed on behalf of users, data theft, and other harmful consequences.

Given the vulnerability's classification and potential impact, organizations using affected versions of Livemesh Addons for WPBakery Page Builder should take immediate action to mitigate risks. It is crucial to prioritize patching to prevent potential exploitation by attackers.

As of now, there are no known public exploits or proof of concept (PoC) available for this vulnerability. However, it is essential to remain vigilant and monitor for any updates or advisories from relevant security sources.

Organizations should prioritize patching immediately.

Vulnerability Details

The vulnerability described in CVE-2026-24594 is categorized under CWE-79, which pertains to improper neutralization of input during web page generation. This vulnerability affects Livemesh Addons for WPBakery Page Builder, specifically from n/a through version 3.9.4. The CVSS score of 5.9 indicates a medium severity level, highlighting the need for attention from security teams.

Technical Analysis

The root cause of this vulnerability is linked to improper handling of user input, which allows malicious scripts to be stored and executed. The attack vector is network-based, with low complexity, requiring high privileges and user interaction to exploit. Once exploited, the attacker can execute scripts that might lead to data exposure or manipulation.

Risk & Impact Analysis

The risk to organizations includes potential data theft and unauthorized actions performed on behalf of users. The blast radius could extend to all users of the affected application, making it crucial for organizations to assess their exposure and take immediate action to mitigate this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

This vulnerability affects all versions of Livemesh Addons for WPBakery Page Builder up to and including version 3.9.4.

Mitigation & Remediation

To mitigate this vulnerability, organizations should update to the latest version of the Livemesh Addons for WPBakery Page Builder as soon as the vendor releases a patch. Additionally, organizations should consider implementing security controls such as input validation and output encoding to prevent XSS attacks. Organizations can validate remediation through application security assessments to identify similar weaknesses.

Detection Guidance

Organizations should monitor logs for unexpected script executions and user interactions that could indicate an attempted XSS attack. Behavioral anomalies, such as an increase in user reports of unexpected behavior or changes in web page content, should also be investigated.

AppSecure Threat Intelligence Insight

CVE-2026-24594 highlights the importance of proper input validation and user input handling in web applications. As web applications continue to evolve, the threat landscape also changes, emphasizing the need for organizations to stay informed about vulnerabilities that may impact their systems. Security teams should regularly review their security posture and implement proactive measures to defend against such vulnerabilities.

For organizations looking to improve their security posture, engaging in penetration testing can provide valuable insights into potential vulnerabilities.

Furthermore, reviewing vulnerability management programs can help organizations better prepare for and respond to emerging threats.

Finally, organizations should stay abreast of the latest trends in web security through continuous education and training to enhance their overall security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-24594: Medium Vulnerability in Livemesh Addons for WPBakery Page Builder