2 matches found
CVE-2024-9049
CVE-2024-9049 — Beaver Builder for WordPress: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via the Button Group Module in versions up to 2.8.3.6. Root cause: insufficient input sanitization and output escaping on user-supplied attributes in the Button Group. Impact: stored X...
CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...