cleantalk
Vulnerabilities and Security Researches

Ultimate Addons for Beaver Builder – Lite, 25740522f41a7142a283b2fe8910fa30c3aed32d

CVE, Research URL

25740522f41a7142a283b2fe8910fa30c3aed32d

Home page URL

Security reports for Ultimate Addons for Beaver Builder – Lite

Application

Ultimate Addons for Beaver Builder – Lite

Published on
Jan 23, 2023
Research Description
Ultimate Addons for Beaver Builder &#8211; Lite [ultimate-addons-for-beaver-builder-lite] < 1.5.5 Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Missing Authorization The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 1.5.4. This is due to missing capability on the reload_icons function. This makes it possible for authenticated attackers, with subscriber-level access to delete the '_uabb_enabled_icons' plugin option via this function.
Affected versions
max 1.5.5.
Status
vulnerable
Previous vulnerability researches
Elizaibots (CVE-2025-49893) , Aug 20, 2025
Elizaibots (abcf8d2a13b3fd2324a04f9724e5ac9347743677) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026