Stored Cross-Site Scripting Vulnerability in Supreme Addons for Beaver Builder Plugin
CVE-2025-3669

6.4MEDIUM

Key Information:

Vendor

WordPress
Status
Supreme Addons For Beaver Builder –
Vendor
CVE Published:
24 July 2025

What is CVE-2025-3669?

The Supreme Addons for Beaver Builder plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to inadequate input sanitization and output escaping in the plugin's auto_qrcodesabb shortcode. This security flaw affects all versions up to and including 1.0.9. Authenticated users with contributor-level access or higher can exploit this vulnerability, allowing them to inject arbitrary web scripts into pages, which will execute whenever a visitor accesses those compromised pages. This poses a significant risk to the integrity and security of WordPress sites utilizing this plugin.

Affected Version(s)

Supreme Addons for Beaver Builder – * <= 1.0.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/supreme-addons-for-beaver-b...
https://plugins.trac.wordpress.org/browser/supreme-addons...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis
JSON
.
CVE-2025-3669 : Stored Cross-Site Scripting Vulnerability in Supreme Addons for Beaver Builder Plugin