Vulnerabilities and security researches forultimate-addons-for-beaver-builder-lite ultimate-addons-for-beaver-builder-lite

Jun 07, 2024

CVE, Research URL: CVE-2024-2142
Home page URL: Security reports for Ultimate Addons for Beaver Builder – Lite
Application: Ultimate Addons for Beaver Builder – Lite
Date: Mar 30, 2024
Research Description: The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-2140
Home page URL: Security reports for Ultimate Addons for Beaver Builder – Lite
Application: Ultimate Addons for Beaver Builder – Lite
Date: Mar 30, 2024
Research Description: The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: af1fef9f-e671-4d61-a217-ce801c9f71f3
Home page URL: Security reports for Ultimate Addons for Beaver Builder – Lite
Application: Ultimate Addons for Beaver Builder – Lite
Date: -
Research Description: Ultimate Addons for Beaver Builder – Lite [ultimate-addons-for-beaver-builder-lite] < 1.5.5 Ultimate Addons for Beaver Builder < 1.25.0 - Cross-Site Scripting (XSS) From the plugin's changelog file: "22 Jan 2020 Important Security Update: Update Now! A security researcher privately reported a bug about cross-site scripting (XSS) vulnerability. Our team immediately took action, and provided the required patch within 2 hours, releasing the update on the same day after thorough validation. Users don’t need to panic. We haven’t heard of any exploit attempts using this vulnerability. However, we strongly recommend all our users to update Ultimate Addons for Beaver Builder as soon as possible."
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-2141
Home page URL: Security reports for Ultimate Addons for Beaver Builder – Lite
Application: Ultimate Addons for Beaver Builder – Lite
Date: Mar 30, 2024
Research Description: The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-23882
Home page URL: Security reports for Ultimate Addons for Beaver Builder – Lite
Application: Ultimate Addons for Beaver Builder – Lite
Date: Jan 17, 2024
Research Description: Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-2143
Home page URL: Security reports for Ultimate Addons for Beaver Builder – Lite
Application: Ultimate Addons for Beaver Builder – Lite
Date: Mar 30, 2024
Research Description: The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-2144
Home page URL: Security reports for Ultimate Addons for Beaver Builder – Lite
Application: Ultimate Addons for Beaver Builder – Lite
Date: Mar 30, 2024
Research Description: The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Aug 12, 2024

CVE, Research URL: CVE-2024-43151
Home page URL: Security reports for Ultimate Addons for Beaver Builder – Lite
Application: Ultimate Addons for Beaver Builder – Lite
Date: Aug 13, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9.
Affected versions: Min -, max -.
Status: vulnerable