Beaver Builder
Source repositories
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40744 | Hig | 0.55 | 8.5 | 0.00 | Apr 15, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2.10.1.2. | ||
| CVE-2024-53797 | Med | 0.42 | 6.5 | 0.00 | Dec 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Stored XSS.This issue affects Beaver Builder: from n/a through <= 2.8.4.3. | ||
| CVE-2024-4430 | Med | 0.42 | 6.4 | 0.00 | May 14, 2024 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. This makes it possible… | ||
| CVE-2024-3923 | Med | 0.42 | 6.4 | 0.00 | May 14, 2024 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-30425 | Med | 0.42 | 6.5 | 0.00 | Mar 29, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows DOM-Based XSS.This issue affects Beaver Builder: from n/a through <= 2.7.4.4. | ||
| CVE-2024-1080 | Med | 0.42 | 6.4 | 0.00 | Mar 13, 2024 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-0897 | Med | 0.42 | 6.4 | 0.00 | Mar 13, 2024 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-0896 | Med | 0.42 | 6.4 | 0.01 | Mar 13, 2024 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2023-50889 | Med | 0.42 | 6.5 | 0.00 | Dec 29, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. | ||
| CVE-2024-50430 | Med | 0.38 | 5.9 | 0.00 | Nov 19, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Stored XSS.This issue affects Beaver Builder: from n/a through <= 2.8.3.7. | ||
| CVE-2024-2925 | Med | 0.35 | 6.4 | 0.00 | Apr 2, 2024 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes.… | ||
| CVE-2024-1074 | Med | 0.35 | 6.4 | 0.01 | Mar 13, 2024 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2024-1038 | Med | 0.28 | 5.4 | 0.01 | Mar 13, 2024 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This… | ||
| CVE-2024-0871 | Med | 0.28 | 5.4 | 0.00 | Mar 13, 2024 | The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input… | ||
| CVE-2022-2716 | 0.00 | — | 0.00 | Sep 6, 2022 | The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | |||
| CVE-2022-2934 | 0.00 | — | 0.00 | Sep 6, 2022 | The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it… | |||
| CVE-2022-2695 | 0.00 | — | 0.00 | Sep 6, 2022 | The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This… | |||
| CVE-2022-2517 | 0.00 | — | 0.00 | Sep 6, 2022 | The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it… | |||
| CVE-2022-36425 | 0.00 | — | 0.01 | Sep 6, 2022 | Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | |||
| CVE-2021-42748 | 0.00 | — | 0.01 | Jan 7, 2022 | In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. |
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2.10.1.2.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Stored XSS.This issue affects Beaver Builder: from n/a through <= 2.8.4.3.
- risk 0.42cvss 6.4epss 0.00
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. This makes it possible…
- risk 0.42cvss 6.4epss 0.00
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows DOM-Based XSS.This issue affects Beaver Builder: from n/a through <= 2.7.4.4.
- risk 0.42cvss 6.4epss 0.00
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 6.4epss 0.00
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 6.4epss 0.01
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Stored XSS.This issue affects Beaver Builder: from n/a through <= 2.8.3.7.
- risk 0.35cvss 6.4epss 0.00
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes.…
- risk 0.35cvss 6.4epss 0.01
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.28cvss 5.4epss 0.01
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This…
- risk 0.28cvss 5.4epss 0.00
The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input…
- CVE-2022-2716Sep 6, 2022risk 0.00cvss —epss 0.00
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- CVE-2022-2934Sep 6, 2022risk 0.00cvss —epss 0.00
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it…
- CVE-2022-2695Sep 6, 2022risk 0.00cvss —epss 0.00
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This…
- CVE-2022-2517Sep 6, 2022risk 0.00cvss —epss 0.00
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it…
- CVE-2022-36425Sep 6, 2022risk 0.00cvss —epss 0.01
Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress.
- CVE-2021-42748Jan 7, 2022risk 0.00cvss —epss 0.01
In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.