Fastlinemedia Beaver Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Fastlinemedia Beaver Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2025-4102 — CVSS 7.2 (high): The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type…
CVE-2024-43926 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver…
CVE-2024-37500 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver…
CVE-2023-50889 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver…
CVE-2024-30425 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder…
CVE-2024-53797 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder…
CVE-2024-0896 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link…
CVE-2024-0897 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter…
CVE-2024-9505 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button…
CVE-2024-7895 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’…
CVE-2024-1080 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag…
CVE-2024-11832 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript…
CVE-2024-2925 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button…
CVE-2024-3923 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target…
CVE-2024-4430 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop…
CVE-2024-9049 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button…
CVE-2024-1074 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget…
CVE-2022-2517 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value…
CVE-2022-2695 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added…
CVE-2022-2716 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in…
CVE-2022-2934 — CVSS 6.4 (medium): The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in…
CVE-2025-8427 — CVSS 6.4 (medium): The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’…
CVE-2025-8897 — CVSS 6.1 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'fl_builder'…
CVE-2024-50430 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder…
CVE-2024-0871 — CVSS 5.4 (medium): The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link…
CVE-2024-1038 — CVSS 5.4 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a…
CVE-2021-42748 — CVSS 5.3 (medium): In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.
CVE-2025-12782 — CVSS 4.3 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and…
CVE-2025-12558 — CVSS 4.3 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to…
CVE-2025-11726 — CVSS 4.3 (medium): The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and…