cleantalk
Vulnerabilities and Security Researches

Beaver Builder – WordPress Page Builder, CVE-2026-2481

CVE, Research URL

CVE-2026-2481

Home page URL

Security reports for Beaver Builder – WordPress Page Builder

Application

Beaver Builder – WordPress Page Builder

Published on
Apr 08, 2026
Research Description
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.10.1.2.
Status
vulnerable
Previous vulnerability researches
Beaver Builder – WordPress Page Builder (CVE-2023-50889) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-0897) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-0871) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-3923) , Jun 07, 2024
Beaver Builder – WordPress Page Builder (CVE-2024-1038) , Jun 07, 2024
New vulnerability
WP Google Ad Manager Plugin (CVE-2026-1399) , Apr 15, 2026
WP Social Meta (CVE-2026-2498) , Apr 15, 2026
Allow HTML in Category Descriptions (CVE-2026-0693) , Apr 15, 2026
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display G (CVE-2026-1916) , Apr 15, 2026
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscription (CVE-2026-1994) , Apr 15, 2026