VYPR

Beaver Builder

by WordPress

CVEs (14)

  • CVE-2024-7895MedAug 29, 2024
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-1080MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-0897MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-0896MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.01

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-50889MedDec 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2.

  • CVE-2022-2934MedSep 6, 2022
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2022-2716MedSep 6, 2022
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2022-2695MedSep 6, 2022
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This…

  • CVE-2022-2517MedSep 6, 2022
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-9505MedOct 29, 2024
    risk 0.35cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-1074MedMar 13, 2024
    risk 0.35cvss 6.4epss 0.01

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2021-42748MedJan 10, 2022
    risk 0.35cvss 5.3epss 0.01

    In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.

  • CVE-2024-1038MedMar 13, 2024
    risk 0.28cvss 5.4epss 0.01

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-0871MedMar 13, 2024
    risk 0.28cvss 5.4epss 0.00

    The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input…