Letting you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin versions prior to 4.7.4 (releases prior to October 2, 2015).
The author of Visual Composer who has addressed all identified vulnerabilities and undertaken a code audit to ensure that it is as secure as possible.
WordPress themes which include Visual Composer should be updated asap either by:
1) Updating your WordPress theme.
2) Manual update of Visual Composer via FTP. eg: Download plugin patch and connect to your server using an FTP client and upload the js_composer directory (from the downloaded zip file) to the wp-content/plugins/ directory, overwriting the old Visual Composer files with the secure version.
Note: In some cases this will break your theme. Some themes may need changes to support the latest version of Visual Composer. Other themes may be using modified versions of the Visual Composer plugin. For this reason, we recommend updating through the theme rather than the direct download.
If you’ve updated to Visual Composer 4.7.4 and your theme no longer works, then for an immediate fix, please revert your theme to the backup made prior to updating. Please then reach out for website support to update to the secure version of Visual Composer.