2 matches found
CVE-2024-0871
The CVE-2024-0871 entry concerns Beaver Builder – WordPress Page Builder. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Icon Widget via fl_builder_data[node_preview][link] and fl_builder_data[settings][link_target] parameters in all versions up to 2.7.4.2, caused by insufficient...
CVE-2024-0871 Beaver Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget
The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'flbuilderdatanodepreviewlink' and 'flbuilderdatasettingslinktarget' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This...