CVE-2023-50889 – WordPress Beaver Builder Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-50889
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en The Beaver Builder Team Beaver Builder – WordPress Page Builder permite XSS almacenado. Este problema afecta a Beaver Builder – WordPress Page Builder: desde n/a hasta 2.7.2 . The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/beaver-builder-lite-version/wordpress-beaver-builder-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2716 – Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor
https://notcve.org/view.php?id=CVE-2022-2716
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El Beaver Builder - WordPress Page Builder para WordPress es vulnerable al Stored Cross-Site Scripting por medio del bloque "Text Editor" en versiones hasta, e incluyendo, la 2.5.5.2 debido a un saneo insuficiente de entrada y escape de la salida. Esto hace posible a atacantes autenticados con acceso al editor de Beaver Builder inyectar scripts web arbitrarios en las páginas que ejecutarán cada vez que un usuario acceda a una página inyectada. • https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2716 https://www.wpbeaverbuilder.com/change-logs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2934 – Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL
https://notcve.org/view.php?id=CVE-2022-2934
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Beaver Builder - WordPress Page Builder para WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado por medio del valor "Image URL" encontrado en el bloque Media en versiones hasta, e incluyendo, 2.5.5.2 debido a un saneo insuficiente de entrada y escape de salida. Esto hace posible a atacantes autenticados con acceso al editor Beaver Builder inyectar scripts web arbitrarios en las páginas que ejecutarán cada vez que un usuario acceda a una página inyectada. The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. • https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2934 https://www.wpbeaverbuilder.com/change-logs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2695 – Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption'
https://notcve.org/view.php?id=CVE-2022-2695
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Beaver Builder - WordPress Page Builder para WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado por medio del parámetro "caption" añadido a las imágenes por medio del cargador de medios en versiones hasta, e incluyendo, 2.5.5.2 debido a un saneo insuficiente de entrada y escape de salida. Esto hace posible a atacantes autenticados con acceso al editor Beaver Builder y la capacidad de cargar archivos multimedia inyectar scripts web arbitrarios en páginas que ejecutarán cada vez que un usuario acceda a una página inyectada. • https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2695 https://www.wpbeaverbuilder.com/change-logs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2517 – Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover
https://notcve.org/view.php?id=CVE-2022-2517
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El Beaver Builder - WordPress Page Builder para WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado por medio del valor "Caption - On Hover" asociado a las imágenes en versiones hasta, e incluyendo, la 2.5.5.2 debido a la insuficiente sanitización de la entrada y escape de la salida. Esto hace posible a atacantes autenticados con acceso al editor Beaver Builder inyecten scripts web arbitrarios en las páginas que ejecutarán cada vez que un usuario acceda a una página inyectada. • https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2517 https://www.wpbeaverbuilder.com/change-logs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •