Lucene search
K

829 matches found

Patchstack
Patchstack
added 2025/12/31 12:56 p.m.8 views

WordPress Livemesh Addons for Beaver Builder plugin <= 3.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Livemesh Addons for Beaver Builder versions = 3.9.2...

6.5CVSS5.9AI score0.0013EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.5 views

WordPress plugin Livemesh Addons for Beaver Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.9AI score0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.5 views

PT-2025-54326

Name of the Vulnerable Software and Affected Versions Livemesh Addons for Beaver Builder versions through 3.9.2 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting XSS. This issue allows f...

6.5CVSS5.5AI score0.0013EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Tom Broucke - Otomaties in WordPress Plugin Beaver Builder Plugin Starter Version versions = 2.9.1...

7.2CVSS5.9AI score0.00531EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/24 9:39 a.m.4 views

CVE-2025-12934

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...

8.1CVSS5.2AI score0.00351EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/23 12:30 p.m.5 views

EUVD-2025-204782

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...

8.1CVSS4.8AI score0.00351EPSS
Exploits0References5
NVD
NVD
added 2025/12/23 10:15 a.m.4 views

CVE-2025-12934

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...

8.1CVSS0.00351EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/23 9:20 a.m.32 views

CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...

8.1CVSS0.00351EPSS
Exploits0References4
CVE
CVE
added 2025/12/23 9:20 a.m.20 views

CVE-2025-12934

CVE-2025-12934 affects the Beaver Builder Page Builder for WordPress. Wordfence’s vulnerability detail describes a missing capability check in the duplicate_wpml_layout function that exists in Beaver Builder versions up to and including 2.9.4.1. This permits authenticated attackers with Subscribe...

8.1CVSS4.8AI score0.00351EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/23 9:20 a.m.4 views

CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...

8.1CVSS4.8AI score0.00351EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/23 12:12 a.m.9 views

WordPress Beaver Builder – WordPress Page Builder plugin <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Beaver Builder versions = 2.9.4.1...

8.1CVSS6.7AI score0.00351EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.4 views

WordPress plugin Beaver Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.1CVSS6.3AI score0.00351EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.6 views

PT-2025-52730

Name of the Vulnerable Software and Affected Versions Beaver Builder – WordPress Page Builder plugin versions prior to 2.9.4.1 Description The Beaver Builder – WordPress Page Builder plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing...

8.1CVSS6AI score0.00351EPSS
Exploits0References10
CNVD
CNVD
added 2025/12/12 12:0 a.m.2 views

WordPress Plugin Beaver Builder Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information...

4.3CVSS6.1AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 2:22 p.m.6 views

CVE-2025-12558

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'getattachmentsizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extra...

4.3CVSS5.6AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202053

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'getattachmentsizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extra...

4.3CVSS5.1AI score0.00357EPSS
Exploits0References5
OSV
OSV
added 2025/12/09 4:17 p.m.3 views

CVE-2025-12558

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'getattachmentsizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extra...

4.3CVSS5.7AI score0.00357EPSS
Exploits0References4
NVD
NVD
added 2025/12/09 4:17 p.m.3 views

CVE-2025-12558

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'getattachmentsizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extra...

4.3CVSS0.00357EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/09 1:51 p.m.32 views

CVE-2025-12558 Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'getattachmentsizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extra...

4.3CVSS0.00357EPSS
Exploits0References4
CVE
CVE
added 2025/12/09 1:51 p.m.10 views

CVE-2025-12558

CVE-2025-12558 (Beaver Builder – WordPress Page Builder) exposes sensitive information via the get_attachment_sizes function. All versions up to and including 2.9.4 are affected. Exploitation requires authentication at Contributor level or higher, enabling an attacker to extract the path and meta...

4.3CVSS5.2AI score0.00357EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder