Defiant Inc, developers of the popular WordFence security plugin for WordPress has reported a cross-site scripting vulnerability with the WPBakery page building plugin for WordPress. The plugin is installed on over four million websites.
WPBakery is currently installed on over 4.3 million websites and one of most popular page building plugins.
All WordPress users or site owners need to upgrade to the latest version of WPBakery (at the time of writing this is 6.4.1)
The latest version is available at CodeCanyon.