Reflected Cross-Site Scripting Vulnerability in Beaver Builder Plugin for WordPress
CVE-2025-8897
6.1MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 28 August 2025
What is CVE-2025-8897?
The Beaver Builder – WordPress Page Builder plugin is susceptible to a Reflected Cross-Site Scripting vulnerability through the 'fl_builder' parameter. This issue arises from insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject arbitrary web scripts into pages. The risk materializes when users are deceived into clicking malicious links, which can lead to the execution of unwanted scripts in their browsers.
Affected Version(s)
Beaver Builder – WordPress Page Builder * <= 2.9.2.1