Vulnerabilities and security researches foraddons-for-beaver-builder addons-for-beaver-builder
Direction: descendingApr 15, 2026
Livemesh Addons for Beaver Builder # CVE-2026-2029
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 26, 2026
- Research Description
- The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[labb_pricing_item]` shortcode's `title` and `value` attributes in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. Specifically, the plugin uses `htmlspecialchars_decode()` after `wp_kses_post()`, which decodes HTML entities back into executable code after sanitization has occurred. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 3.9.2.
- Status
-
vulnerable
Jan 10, 2026
Livemesh Addons for Beaver Builder # CVE-2025-62990
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 31, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder addons-for-beaver-builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.9.2.
- Affected versions
-
max 3.9.2.
- Status
-
vulnerable
Nov 14, 2024
Livemesh Addons for Beaver Builder # CVE-2022-4974
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 2.8.4.
- Status
-
vulnerable
Jul 22, 2024
Livemesh Addons for Beaver Builder # CVE-2024-38784
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 22, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1.
- Affected versions
-
max 3.7.
- Status
-
vulnerable
Jun 07, 2024
Livemesh Addons for Beaver Builder # 59a7c506d5734a44b201246014b24ace2cb43da3
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 28, 2022
- Research Description
- Livemesh Addons for Beaver Builder [addons-for-beaver-builder] < 3.3 WordPress Livemesh Addons for Beaver Builder plugin <= 2.8.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Livemesh Addons for Beaver Builder plugin (versions <= 2.8.3).
- Affected versions
-
max 3.3.
- Status
-
vulnerable