WordPress Beaver Builder plugin <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability discovered by zer0gh0st in WordPress Plugin Beaver Builder versions = 2.8.3.6...

PT-2024-39390 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin versions up to, and including, 2.8.3.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button Group module due to insufficient input sanitization and output...