Stored Cross-Site Scripting in Beaver Builder Addons by WPZOOM Plugin
CVE-2024-2186
5.4 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 9 April 2024
Summary
The Beaver Builder Addons by WPZOOM plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability caused by inadequate input sanitization and output escaping in the Team Members widget. Authenticated attackers with contributor-level privileges can inject arbitrary web scripts, which are then executed on pages accessed by users. Website administrators should update to the latest version and apply measures to prevent unauthorized access.
Affected Version(s)
Beaver Builder Addons by WPZOOM * <= 1.3.4
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Francesco Carlucci