Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

beaverbuilder — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting beaverbuilder. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Beaver Builder is a WordPress page builder plugin designed to facilitate visual website creation through drag-and-drop interfaces. Despite its utility, the software has been associated with twenty-one recorded Common Vulnerabilities and Exposures (CVEs), indicating a significant history of security flaws. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation attacks, often stemming from insufficient input validation and insecure direct object references. Attackers have frequently exploited these weaknesses to gain unauthorized administrative access or inject malicious scripts into compromised sites. The high volume of disclosed CVEs suggests persistent challenges in maintaining robust code security standards within the plugin’s development lifecycle. While no single catastrophic incident has defined its public history, the cumulative risk profile remains elevated due to the severity and frequency of these exploitable defects, necessitating rigorous patching and security audits for administrators relying on this tool.

Top products by beaverbuilder: Beaver Builder Page Builder – Drag and Drop Website Builder Customizer Export/Import
CVE IDTitleCVSSSeverityPublished
CVE-2026-2481 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2026-04-08
CVE-2026-1231 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2026-02-11
CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-862 8.1 High2025-12-23
CVE-2025-12558 Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-200 4.3 Medium2025-12-09
CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-862 4.3 Medium2025-12-04
CVE-2025-11726 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-862 4.3 Medium2025-12-02
CVE-2025-8897 Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.1 Medium2025-08-28
CVE-2024-11832 Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-12-13
CVE-2024-9505 Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-10-29
CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-09-27
CVE-2024-7620 Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import — Customizer Export/ImportCWE-434 6.6 Medium2024-09-07
CVE-2024-7895 Beaver Builder (Lite Version) <= 2.8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-08-29
CVE-2024-4430 Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-05-10
CVE-2024-3923 Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-05-09
CVE-2024-2925 Beaver Builder – WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-04-02
CVE-2024-1038 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 5.4 Medium2024-03-13
CVE-2024-1080 Beaver Builder – WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-03-13
CVE-2024-1074 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-03-13
CVE-2024-0896 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-03-13
CVE-2024-0871 Beaver Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 5.4 Medium2024-03-13
CVE-2024-0897 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Beaver Builder Page Builder – Drag and Drop Website BuilderCWE-79 6.4 Medium2024-03-13

This page lists every published CVE security advisory associated with beaverbuilder. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.