CVE-2025-62990
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Beaver Builder addons-for-beaver-builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through <= 3.9.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Livemesh Addons for Beaver Builder plugin through 3.9.2 allows authenticated attackers to inject malicious scripts.
The vulnerability is a stored cross-site scripting (XSS) in the Livemesh Addons for Beaver Builder plugin for WordPress. The plugin fails to properly neutralize input during web page generation, allowing attackers to inject arbitrary JavaScript that is stored and executed on subsequent visits [1].
Exploitation requires an authenticated user with privileges such as editor or admin to submit malicious input through the plugin's forms or settings. The injected script is stored on the server and triggers when any visitor loads the affected page [1].
Successful exploitation could lead to session hijacking, website defacement, or redirection to malicious sites. The CVSS v3 base score is 6.5 (Medium), reflecting the need for authenticated access and user interaction [1].
Affected versions are through 3.9.2. Users are advised to update to the latest patched version immediately. If unable to update, contact your hosting provider or web developer for assistance [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=3.9.2
- Range: <=3.9.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.