VYPR

Beaver Builder

by Fastlinemedia

Source repositories

CVEs (20)

  • CVE-2026-40744HigApr 15, 2026
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2.10.1.2.

  • CVE-2024-53797MedDec 6, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Stored XSS.This issue affects Beaver Builder: from n/a through <= 2.8.4.3.

  • CVE-2024-4430MedMay 14, 2024
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2024-3923MedMay 14, 2024
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-30425MedMar 29, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows DOM-Based XSS.This issue affects Beaver Builder: from n/a through <= 2.7.4.4.

  • CVE-2024-1080MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-0897MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-0896MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.01

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-50889MedDec 29, 2023
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2.

  • CVE-2024-50430MedNov 19, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Stored XSS.This issue affects Beaver Builder: from n/a through <= 2.8.3.7.

  • CVE-2024-2925MedApr 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-1074MedMar 13, 2024
    risk 0.35cvss 6.4epss 0.01

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-1038MedMar 13, 2024
    risk 0.28cvss 5.4epss 0.01

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-0871MedMar 13, 2024
    risk 0.28cvss 5.4epss 0.00

    The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input…

  • CVE-2022-2716Sep 6, 2022
    risk 0.00cvss epss 0.00

    The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2022-2934Sep 6, 2022
    risk 0.00cvss epss 0.00

    The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2022-2695Sep 6, 2022
    risk 0.00cvss epss 0.00

    The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This…

  • CVE-2022-2517Sep 6, 2022
    risk 0.00cvss epss 0.00

    The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2022-36425Sep 6, 2022
    risk 0.00cvss epss 0.01

    Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress.

  • CVE-2021-42748Jan 7, 2022
    risk 0.00cvss epss 0.01

    In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.