Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Beaver Builder Page Builder – Drag and Drop Website Builder — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in Beaver Builder Page Builder – Drag and Drop Website Builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: beaverbuilder

CVE IDTitleCVSSSeverityPublished
CVE-2026-2481 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' CWE-79 6.4 Medium2026-04-08
CVE-2026-1231 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings CWE-79 6.4 Medium2026-02-11
CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update CWE-862 8.1 High2025-12-23
CVE-2025-12558 Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure CWE-200 4.3 Medium2025-12-09
CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering CWE-862 4.3 Medium2025-12-04
CVE-2025-11726 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification CWE-862 4.3 Medium2025-12-02
CVE-2025-8897 Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2025-08-28
CVE-2024-11832 Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-12-13
CVE-2024-9505 Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget CWE-79 6.4 Medium2024-10-29
CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module CWE-79 6.4 Medium2024-09-27
CVE-2024-7895 Beaver Builder (Lite Version) <= 2.8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter CWE-79 6.4 Medium2024-08-29
CVE-2024-4430 Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute CWE-79 6.4 Medium2024-05-10
CVE-2024-3923 Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-09
CVE-2024-2925 Beaver Builder – WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button CWE-79 6.4 Medium2024-04-02
CVE-2024-1038 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting CWE-79 5.4 Medium2024-03-13
CVE-2024-1080 Beaver Builder – WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag CWE-79 6.4 Medium2024-03-13
CVE-2024-1074 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget CWE-79 6.4 Medium2024-03-13
CVE-2024-0896 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-13
CVE-2024-0871 Beaver Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget CWE-79 5.4 Medium2024-03-13
CVE-2024-0897 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-13

All 20 known CVE vulnerabilities affecting Beaver Builder Page Builder – Drag and Drop Website Builder with full Chinese analysis, references, and POCs where available.