CVE-2024-9049

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-9049

CVE-2024-9049 — Beaver Builder for WordPress: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via the Button Group Module in versions up to 2.8.3.6. Root cause: insufficient input sanitization and output escaping on user-supplied attributes in the Button Group. Impact: stored X...

WordPress Beaver Builder plugin <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability discovered by zer0gh0st in WordPress Plugin Beaver Builder versions = 2.8.3.6...

PT-2024-39390 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin versions up to, and including, 2.8.3.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button Group module due to insufficient input sanitization and output...