CVE-2024-0896 in Beaver Builder Plugin
Summary
by MITRE • 03/13/2024
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/15/2025
The vulnerability identified as CVE-2024-0896 affects the Beaver Builder WordPress plugin, a popular page building tool that allows users to create web pages without requiring coding knowledge. This particular flaw exists in versions up to and including 2.7.4.2, making it a significant concern for WordPress site administrators who rely on this plugin for their website construction. The vulnerability stems from inadequate input validation and output sanitization mechanisms within the plugin's button link parameter handling functionality.
The technical implementation of this stored cross-site scripting vulnerability occurs when authenticated users with contributor level access or higher submit malicious content through the button link parameter. The plugin fails to properly sanitize user input before storing it in the database, creating a persistent XSS vector that remains active until the malicious code is manually removed. When any user accesses a page containing the injected script, the malicious code executes in their browser context, potentially leading to session hijacking, credential theft, or further exploitation of the compromised system.
From an operational perspective, this vulnerability represents a critical security risk for WordPress installations using Beaver Builder, as it requires only contributor-level privileges to exploit. This low attack threshold means that even relatively unprivileged users within a WordPress environment can potentially compromise the entire site. The stored nature of the vulnerability means that the malicious payload persists indefinitely until manually removed, making it particularly dangerous for sites with high user turnover or those that do not regularly audit their content. The impact extends beyond simple script execution, as attackers can leverage this vulnerability to establish persistent access or redirect users to malicious sites.
Organizations should immediately update to the latest version of the Beaver Builder plugin where this vulnerability has been patched, as recommended by the plugin developers and security vendors. System administrators should also implement additional monitoring for suspicious content submissions and consider implementing content security policies to mitigate potential exploitation. The vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and may be categorized under ATT&CK technique T1566 for social engineering through malicious content injection. Regular security audits and input validation testing should be implemented to prevent similar vulnerabilities from emerging in other plugins or custom WordPress implementations.