Beaver Builder
Beaver Builder
Developer
2.10.1.2
Latest version
100,000
Installations
No date
Last updated
Vulnerability history
0 present
31 patched
6 Mitigation rules
- WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings vulnerability<= 2.10.0.510/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.7.4.203/02/2026
- Arbitrary Code Execution vulnerability<= 2.9.4.121/01/2026
- Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update vulnerability<= 2.9.4.123/12/2025
- Authenticated (Contributor+) Sensitive Information Exposure vulnerability<= 2.9.409/12/2025
- Missing Authorization to Authenticated (Contributor+) Builder Status Tampering vulnerability<= 2.9.404/12/2025
- Missing Authorization to Authenticated (Contributor+) Global Preset Modification vulnerability<= 2.9.401/12/2025
- Reflected Cross-Site Scripting vulnerability<= 2.9.2.127/08/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.8.4.412/12/2024
- Cross Site Scripting (XSS) vulnerability<= 2.8.4.302/12/2024
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget vulnerability<= 2.8.4.229/10/2024
- Cross Site Scripting (XSS) vulnerability<= 2.8.3.724/10/2024
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability<= 2.8.3.627/09/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter vulnerability<= 2.8.3.529/08/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 2.8.3.226/08/2024
- Cross Site Scripting (XSS) vulnerability<= 2.8.2.204/07/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute vulnerability<= 2.8.1.210/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.8.1.107/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Button vulnerability<= 2.8.0.502/04/2024
- Cross Site Scripting (XSS) vulnerability<= 2.7.4.428/03/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag vulnerability<= 2.7.4.412/03/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget vulnerability<= 2.7.4.228/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget vulnerability<= 2.7.4.221/02/2024
- Reflected (DOM-Based) Cross-Site Scripting vulnerability<= 2.7.4.221/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.7.4.221/02/2024
- Cross Site Scripting (XSS) vulnerability<= 2.7.226/12/2023
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Caption On Hover<= 2.5.5.230/08/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability via caption<= 2.5.5.230/08/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Image URL<= 2.5.5.229/08/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Text Editor<= 2.5.5.229/08/2022
- Broken Access Control vulnerability<= 2.5.4.320/07/2022