Beaverbuilder Beaver Builder Page Builder – Drag And Drop Website Builder
20 CVEs affecting Beaverbuilder Beaver Builder Page Builder – Drag And Drop Website Builder. Latest disclosed: 2026-04-08. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-12934 | High | 8.1 | 2025-12-23 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability chec… |
CVE-2026-2481 | Medium | 6.4 | 2026-04-08 | The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parame… |
CVE-2026-1231 | Medium | 6.4 | 2026-02-11 | The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `js` Global Settings… |
CVE-2024-11832 | Medium | 6.4 | 2024-12-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all ver… |
CVE-2024-9505 | Medium | 6.4 | 2024-10-29 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up… |
CVE-2024-9049 | Medium | 6.4 | 2024-09-27 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versi… |
CVE-2024-7895 | Medium | 6.4 | 2024-08-29 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, a… |
CVE-2024-4430 | Medium | 6.4 | 2024-05-10 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versio… |
CVE-2024-3923 | Medium | 6.4 | 2024-05-09 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up… |
CVE-2024-2925 | Medium | 6.4 | 2024-04-02 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up… |
CVE-2024-1080 | Medium | 6.4 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to… |
CVE-2024-1074 | Medium | 6.4 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all… |
CVE-2024-0896 | Medium | 6.4 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up… |
CVE-2024-0897 | Medium | 6.4 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to… |
CVE-2025-8897 | Medium | 6.1 | 2025-08-28 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'fl_builder' parameter in all version… |
CVE-2024-1038 | Medium | 5.4 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' par… |
CVE-2024-0871 | Medium | 5.4 | 2024-03-13 | The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_… |
CVE-2025-12558 | Medium | 4.3 | 2025-12-09 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 vi… |
CVE-2025-12782 | Medium | 4.3 | 2025-12-04 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due… |
CVE-2025-11726 | Medium | 4.3 | 2025-12-02 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is du… |