Reflected XSS Vulnerability in PowerPack for Beaver Builder
CVE-2024-43330

7.1HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
18 August 2024

What is CVE-2024-43330?

A security vulnerability has been identified in PowerPack for Beaver Builder, where improper neutralization of input during web page generation can lead to reflected Cross-site Scripting (XSS) attacks. This can allow attackers to execute arbitrary scripts in the context of a user's browser, potentially compromising sensitive information or delivering malicious payloads. The issue specifically affects versions of PowerPack for Beaver Builder prior to 2.37.4. It is essential for users to update to the latest version to mitigate these risks.

Affected Version(s)

PowerPack for Beaver Builder < 2.37.4

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
.