Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Beaver Builder — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting Beaver Builder. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Beaver Builder is a WordPress page builder plugin enabling drag-and-drop website creation. Historically, it has faced multiple security vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. The plugin has accumulated 9 CVE records to date, with several critical RCE vulnerabilities allowing attackers to execute arbitrary code on affected servers. Security researchers have identified consistent issues in input validation and access control mechanisms. While Beaver Builder remains popular among WordPress users, its security track record demonstrates the importance of regular updates and proper hardening for any WordPress installation utilizing this plugin.

Top products by Beaver Builder: Beaver Builder Beaver Themer WordPress Assistant
CVE IDTitleCVSSSeverityPublished
CVE-2026-40744 WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability — Beaver BuilderCWE-89 8.5 High2026-04-15
CVE-2025-69319 WordPress Beaver Builder plugin <= 2.9.4.1 - Arbitrary Code Execution vulnerability — Beaver BuilderCWE-94 7.5 High2026-01-22
CVE-2025-53307 WordPress Assistant Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability — WordPress AssistantCWE-79 7.1 High2025-09-05
CVE-2025-26885 WordPress Assistant Plugin <= 1.5.1 - PHP Object Injection vulnerability — WordPress AssistantCWE-502 7.2 High2025-03-03
CVE-2024-53797 WordPress Beaver Builder plugin <= 2.8.4.3 - Cross Site Scripting (XSS) vulnerability — Beaver BuilderCWE-79 6.5 Medium2024-12-06
CVE-2024-50430 WordPress Beaver Builder plugin <= 2.8.3.7 - Cross Site Scripting (XSS) vulnerability — Beaver BuilderCWE-79 6.5 Medium2024-11-19
CVE-2023-6694 Beaver Themer <= 1.4.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode — Beaver ThemerCWE-79 6.4 Medium2024-04-09
CVE-2023-6695 Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode — Beaver ThemerCWE-359 6.5 Medium2024-04-09
CVE-2024-30425 WordPress Beaver Builder plugin <= 2.7.4.4 - Cross Site Scripting (XSS) vulnerability — Beaver BuilderCWE-79 6.5 Medium2024-03-29

This page lists every published CVE security advisory associated with Beaver Builder. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.