It is important you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin versions prior to 4.7.4 (releases prior to October 2, 2015).
The team over at the Envato Market Place has been working with WP Bakery, the creators of Visual Composer, who have addressed all identified vulnerabilities in version 4.7.4 and later, and undertaken a code audit to ensure that it is as secure as possible.
What You Should Do RIGHT NOW!
In order to secure your item(s) from these vulnerabilities we strongly encourage you to update to version 4.7.4 or later as soon as possible. Instructions on how to update Visual Composer can be found on the WPBakery website.
You can check whether you have updated successfully by going to the WordPress dashboard Plugins page and checking the Visual Composer entry. Please make sure that the version number says 4.7.4.
If you have used this plugin in projects for clients, please help them to secure their sites as well or send them our way to help.