cleantalk
Vulnerabilities and Security Researches

Beaver Builder – WordPress Page Builder, CVE-2024-3923

CVE, Research URL

CVE-2024-3923

Home page URL

Security reports for Beaver Builder – WordPress Page Builder

Application

Beaver Builder – WordPress Page Builder

Published on
May 14, 2024
Research Description
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.8.1.2.
Status
vulnerable
Previous vulnerability researches
Beaver Builder – WordPress Page Builder (CVE-2023-50889) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-0897) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-0871) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-3923) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-1038) , Jun 07, 2024
New vulnerability
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
Trail Manager (CVE-2025-13682) , Dec 11, 2025
Course Booking System (CVE-2025-12042) , Dec 11, 2025
Chamber Dashboard Business Directory (CVE-2025-13414) , Dec 11, 2025
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder (CVE-2025-11560) , Dec 11, 2025