XSS Vulnerability Affects Beaver Builder WordPress Page Builder

April 03, 2024

The popular Beaver Builder WordPress Page Builder was found to contain an XSS vulnerability that can allow an attacker to inject scripts into the website that will run when a user visits a webpage. Stored Cross Site Scripting (XSS) VulnerabilitySecurity researchers at Wordfence published an advisory about an XSS vulnerability affecting the page builder plugin. A stored XSS (as affects the Beaver Builder), is generally considered to be more dangerous than a reflected XSS. The security flaws that gave rise to an XSS vulnerability in the Beaver Builder were due to insufficient input sanitization and output escaping. Read the Wordfence advisory:Beaver Builder – WordPress Page Builder <= 2.8.0.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via ButtonSee also:Featured Image by Shutterstock/Prostock-studio

The source of this news is from Search Engine Journal