Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Beaver Builder Page Builder – Drag and Drop Website Builder — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in Beaver Builder Page Builder – Drag and Drop Website Builder, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities for Beaver Builder Page Builder, a drag-and-drop website builder, categorized under weakness types associated with web application software. It aggregates data on identified security flaws affecting this specific WordPress plugin, covering a comprehensive historical range of disclosed incidents to provide a complete picture of the product’s security landscape. Visitors can track the vendor’s advisory history to understand how reported issues were addressed over time, gain a deeper understanding of specific weakness classes relevant to page builders and content management systems, and look up the detailed vulnerability history of this popular tool to assess risk exposure. The content is organized to help developers, site administrators, and security professionals evaluate the impact of past vulnerabilities and make informed decisions about plugin usage and maintenance. By centralizing this information, the resource aims to enhance transparency regarding the security posture of the Beaver Builder ecosystem. Readers are encouraged to review the chronological listings and detailed descriptions to grasp the evolution of security patches and the nature of exploits that have targeted this software. This approach supports proactive security management by highlighting trends and recurring issues within the product’s development lifecycle.

Vendor: beaverbuilder

CVE IDTitleCVSSSeverityPublished
CVE-2026-2481 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' CWE-79 6.4 Medium2026-04-08
CVE-2026-1231 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings CWE-79 6.4 Medium2026-02-11
CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update CWE-862 8.1 High2025-12-23
CVE-2025-12558 Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure CWE-200 4.3 Medium2025-12-09
CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering CWE-862 4.3 Medium2025-12-04
CVE-2025-11726 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification CWE-862 4.3 Medium2025-12-02
CVE-2025-8897 Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2025-08-28
CVE-2024-11832 Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-12-13
CVE-2024-9505 Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget CWE-79 6.4 Medium2024-10-29
CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module CWE-79 6.4 Medium2024-09-27
CVE-2024-7895 Beaver Builder (Lite Version) <= 2.8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter CWE-79 6.4 Medium2024-08-29
CVE-2024-4430 Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute CWE-79 6.4 Medium2024-05-10
CVE-2024-3923 Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-09
CVE-2024-2925 Beaver Builder – WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button CWE-79 6.4 Medium2024-04-02
CVE-2024-1038 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting CWE-79 5.4 Medium2024-03-13
CVE-2024-1080 Beaver Builder – WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag CWE-79 6.4 Medium2024-03-13
CVE-2024-1074 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget CWE-79 6.4 Medium2024-03-13
CVE-2024-0896 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-13
CVE-2024-0871 Beaver Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget CWE-79 5.4 Medium2024-03-13
CVE-2024-0897 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-13

All 20 known CVE vulnerabilities affecting Beaver Builder Page Builder – Drag and Drop Website Builder with full Chinese analysis, references, and POCs where available.