SQL Injection Vulnerability in Beaver Builder by Beaver Builder
CVE-2026-40744

Currently unrated

Key Information:

Vendor: WordPress
Status: Beaver Builder
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-40744?

The Beaver Builder Lite Version contains a vulnerability that allows attackers to execute Blind SQL Injection attacks. This flaw impacts the plugin by improperly neutralizing special elements within SQL commands, leading to potential unauthorized access to sensitive information. Affected versions of Beaver Builder up to and including 2.10.1.2 are at risk, highlighting the importance of updating to secure versions to protect against this type of exploitation.

Affected Version(s)

Beaver Builder 0 <= 2.10.1.2

References

https://patchstack.com/database/Wordpress/Plugin/beaver-b...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

daroo | Patchstack Bug Bounty Program

CVE-2026-40744 Data

JSON

WordPress

What is CVE-2026-40744?

Affected Version(s)

References

Timeline

Credit