CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

686 matches found

Patchstack•added 2026/05/27 9:13 a.m.•4 views

WordPress Livemesh Addons for Beaver Builder plugin <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for Beaver Builder versions = 3.9.2...

6.4CVSS5.8AI score0.0003EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/27 8:16 a.m.•8 views

CVE-2026-3897

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS0.0003EPSS

Exploits0References4

EUVD•added 2026/05/27 6:46 a.m.•5 views

EUVD-2026-32101

6.4CVSS5.8AI score0.0003EPSS

Exploits0References4

ATTACKERKB•added 2026/05/27 6:46 a.m.•3 views

CVE-2026-3897

6.4CVSS5.8AI score0.0003EPSS

Exploits0References5

CVE•added 2026/05/27 6:46 a.m.•9 views

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

6.4CVSS5.8AI score0.0003EPSS

Exploits0References4

Cvelist•added 2026/05/27 6:46 a.m.•22 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

6.4CVSS0.0003EPSS

Exploits0References4

Positive Technologies•added 2026/05/27 12:0 a.m.•3 views

PT-2026-43549

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labb admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but...

6.4CVSS5.8AI score0.0003EPSS

Exploits0References5

CNNVD•added 2026/05/27 12:0 a.m.•4 views

WordPress plugin Livemesh Addons for Beaver Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.0003EPSS

Exploits0References4

RedhatCVE•added 2026/04/16 7:22 p.m.•1 views

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

8.5CVSS5.9AI score0.00038EPSS

Exploits0References1

EUVD•added 2026/04/16 3:31 p.m.•0 views

EUVD-2026-22897

8.5CVSS5.9AI score0.00038EPSS

Exploits0References2

NVD•added 2026/04/15 11:16 a.m.•1 views

CVE-2026-40744

8.5CVSS0.00038EPSS

Exploits0References1

Cvelist•added 2026/04/15 10:21 a.m.•23 views

CVE-2026-40744 WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability

8.5CVSS0.00038EPSS

Exploits0References1

ATTACKERKB•added 2026/04/15 10:21 a.m.•1 views

CVE-2026-40744

5.9AI score0.00038EPSS

Exploits0References2

CVE•added 2026/04/15 10:21 a.m.•2 views

CVE-2026-40744

CVE-2026-40744 concerns the WordPress Beaver Builder plugin (lite version) with a Blind SQL Injection vulnerability in Beaver Builder

8.5CVSS5.9AI score0.00038EPSS

Exploits0References1

Vulnrichment•added 2026/04/15 10:21 a.m.•0 views

CVE-2026-40744 WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability

8.5CVSS5.9AI score0.00038EPSS

Exploits0References1

CNNVD•added 2026/04/15 12:0 a.m.•4 views

WordPress plugin Beaver Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.5CVSS5.9AI score0.00038EPSS

Exploits0References1

Positive Technologies•added 2026/04/15 12:0 a.m.•2 views

PT-2026-33046

Name of the Vulnerable Software and Affected Versions Beaver Builder versions prior to 2.10.1.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data directl...

8.5CVSS5.9AI score0.00038EPSS

Exploits0References4

Patchstack•added 2026/04/09 6:38 p.m.•1 views

WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' vulnerability

WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin = 2.10.1.1 - Authenticated Author+ Stored Cross-Site Scripting via 'settingsjs' vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions = 2.10.1.1...

6.4CVSS5.9AI score0.00012EPSS

Exploits0References1Affected Software1

NVD•added 2026/04/08 12:16 p.m.•1 views

CVE-2026-2481

The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settingsjs' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00012EPSS

Exploits0References2

Cvelist•added 2026/04/08 11:16 a.m.•19 views

CVE-2026-2481 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]'

6.4CVSS0.00012EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by