cleantalk
Vulnerabilities and Security Researches

Beaver Builder – WordPress Page Builder, CVE-2022-2695

CVE, Research URL

CVE-2022-2695

Home page URL

Security reports for Beaver Builder – WordPress Page Builder

Application

Beaver Builder – WordPress Page Builder

Published on
Sep 06, 2022
Research Description
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.5.5.3.
Status
vulnerable
Previous vulnerability researches
Beaver Builder – WordPress Page Builder (CVE-2023-50889) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-0897) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-0871) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-3923) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-1038) , Jun 07, 2024
New vulnerability
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
Trail Manager (CVE-2025-13682) , Dec 11, 2025
Course Booking System (CVE-2025-12042) , Dec 11, 2025
Chamber Dashboard Business Directory (CVE-2025-13414) , Dec 11, 2025
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder (CVE-2025-11560) , Dec 11, 2025