Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 6:46 a.m.8 views

CVE-2026-3897

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 6:46 a.m.14 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 6:46 a.m.33 views

CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS0.00223EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 6:46 a.m.29 views

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43549

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labb admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References6
Rows per page
Query Builder