Lucene search

K
cveWordfenceCVE-2022-2716
HistorySep 06, 2022 - 6:15 p.m.

CVE-2022-2716

2022-09-0618:15:14
CWE-79
Wordfence
web.nvd.nist.gov
35
3
beaver builder
wordpress
page builder
cve-2022-2716
stored cross-site scripting
input sanitization
output escaping

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Text Editor’ block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affected configurations

Nvd
Vulners
Node
fastlinemediabeaver_builderRange2.5.5.2litewordpress
VendorProductVersionCPE
fastlinemediabeaver_builder*cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*

CNA Affected

[
  {
    "product": "Beaver Builder – WordPress Page Builder ",
    "vendor": "justinbusa",
    "versions": [
      {
        "lessThanOrEqual": "2.5.5.2",
        "status": "affected",
        "version": "2.5.5.2",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%