Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

49 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/27 6:46 a.m.4 views

CVE-2026-3897

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References5
CVE
CVEadded 2026/05/27 6:46 a.m.9 views

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/27 6:46 a.m.22 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS0.0003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/02/11 1:23 a.m.5 views

CVE-2026-1231

The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the js Global Settings parameter in all versions up to, and including, 2.10.0.5 due to missing capability checks on saveglobalsettings function and insufficient...

6.4CVSS5.8AI score0.00045EPSS
Exploits0References5
Patchstack
Patchstackadded 2026/02/03 12:37 p.m.3 views

WordPress Beaver Builder plugin <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions = 2.7.4.2...

6.4CVSS5.3AI score0.00206EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/01/21 1:15 p.m.1 views

WordPress Beaver Builder plugin <= 2.9.4.1 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by mcdruid in WordPress Plugin Beaver Builder versions = 2.9.4.1...

7.5CVSS5.5AI score0.00092EPSS
Exploits0Affected Software1
Cvelist
Cvelistadded 2026/01/08 4:35 p.m.19 views

CVE-2026-22488 WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder dashboard-welcome-for-beaver-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through = 1.0.8...

5.3CVSS0.00051EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/07 9:13 a.m.7 views

CVE-2024-2925

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.8AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/07 9:12 a.m.1 views

CVE-2024-2163

The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes such as urls. This makes it...

6.4CVSS6.1AI score0.00235EPSS
Exploits0References1
Patchstack
Patchstackadded 2025/12/31 12:0 a.m.3 views

WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Tom Broucke - Otomaties in WordPress Plugin Beaver Builder Plugin Starter Version versions = 2.9.1...

7.2CVSS5.9AI score0.01373EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2025/12/23 12:0 a.m.4 views

PT-2025-52730

Name of the Vulnerable Software and Affected Versions Beaver Builder – WordPress Page Builder plugin versions prior to 2.9.4.1 Description The Beaver Builder – WordPress Page Builder plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing...

8.1CVSS6AI score0.00041EPSS
Exploits0References10
NVD
NVDadded 2025/12/09 4:17 p.m.1 views

CVE-2025-12558

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'getattachmentsizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extra...

4.3CVSS0.00044EPSS
Exploits0References4
Patchstack
Patchstackadded 2025/10/23 10:9 p.m.4 views

WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'auto_play' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'autoplay' vulnerability discovered by Sulabh Jain pentestmonkey11 in WordPress Plugin Beaver Builder Plugin Starter Version versions = 2.9.2.1...

6.4CVSS5.8AI score0.00024EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/23 3:30 p.m.2 views

EUVD-2025-35678

The Beaver Builder Plugin Starter Version plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS4.7AI score0.00024EPSS
Exploits0References3
CVE
CVEadded 2025/10/23 12:32 p.m.10 views

CVE-2025-8427

Beaver Builder Plugin (Starter Version) for WordPress (

6.4CVSS4.7AI score0.00024EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2025/10/23 12:0 a.m.3 views

WordPress plugin Beaver Builder Plugin Starter Version 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00024EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/10/23 12:0 a.m.2 views

PT-2025-43511

Name of the Vulnerable Software and Affected Versions Beaver Builder Plugin Starter Version versions through 2.9.2.1 Description The Beaver Builder Plugin Starter Version for WordPress is susceptible to Stored Cross-Site Scripting through the auto play parameter. Insufficient input sanitization a...

6.4CVSS5.3AI score0.00024EPSS
Exploits0References9
EUVD
EUVDadded 2025/10/03 8:7 p.m.0 views

EUVD-2024-16678

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00206EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-27105

Malicious code in bioql PyPI...

6.4CVSS8.6AI score0.00171EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-32491

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00206EPSS
Exploits0References3
Rows per page
Query Builder