cleantalk
Vulnerabilities and Security Researches

Beaver Builder – WordPress Page Builder, CVE-2026-40744

CVE, Research URL

CVE-2026-40744

Home page URL

Security reports for Beaver Builder – WordPress Page Builder

Application

Beaver Builder – WordPress Page Builder

Published on
Apr 15, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2.10.1.2.
Affected versions
max 2.10.1.5.
Status
vulnerable
Previous vulnerability researches
Projectopia &#8211; WordPress Project Management Plugin (CVE-2025-32648) , Apr 20, 2025
Projectopia &#8211; WordPress Project Management Plugin (CVE-2025-59133) , Apr 27, 2026
Projectopia &#8211; WordPress Project Management Plugin (CVE-2024-54336) , Dec 15, 2024
Projectopia &#8211; WordPress Project Management Plugin (CVE-2025-12876) , Dec 11, 2025
Projectopia &#8211; WordPress Project Management Plugin (CVE-2023-33999) , Jun 13, 2026
New vulnerability
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase &amp; Team Builder (CVE-2023-33999) , Jun 14, 2026
WP Travel &#8211; Best Travel Booking WordPress Plugin, Tour Management Engine (CVE-2023-33999) , Jun 14, 2026
Folders &#8211; Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager (CVE-2025-12640) , Jun 14, 2026
Page Manager for Elementor (CVE-2023-33999) , Jun 14, 2026
WUPO Group Attributes for WooCommerce (CVE-2023-33999) , Jun 14, 2026