CVE-2024-2183 in Beaver Builder Addons Plugin
Summary
by MITRE • 04/10/2024
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30424 is likely a duplicate of this issue.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/15/2025
The vulnerability identified as CVE-2024-2183 affects the Beaver Builder Addons plugin developed by WPZOOM, a popular WordPress plugin used for creating custom page layouts and designs. This issue represents a critical security flaw that allows authenticated attackers with contributor-level privileges or higher to execute persistent cross-site scripting attacks within the WordPress administration environment. The vulnerability specifically targets the Heading widget functionality within the plugin's interface, making it particularly dangerous as it can be exploited through the standard content creation workflow that many users rely on for building web pages.
The technical root cause of this vulnerability stems from inadequate input sanitization and output escaping mechanisms within the plugin's codebase. When users input content into the Heading widget, the plugin fails to properly validate or sanitize the data before storing it in the database. Additionally, the output rendering process does not adequately escape the stored content when displaying it back to users, creating an environment where malicious scripts can be persisted and executed. This represents a classic stored cross-site scripting vulnerability that falls under the CWE-0000079 category, which specifically addresses improper neutralization of input during web page generation. The vulnerability is particularly concerning because it operates at the user privilege level, meaning that attackers with minimal access rights can exploit it to compromise the entire WordPress installation.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with the capability to perform various malicious activities within the compromised WordPress environment. An attacker could inject scripts that steal user session cookies, redirect visitors to malicious sites, modify content, or even establish backdoors for persistent access. The vulnerability affects all versions of the plugin up to and including version 1.3.4, indicating that a significant portion of users may be exposed to this risk. The fact that CVE-2024-30424 is likely a duplicate of this issue suggests that similar vulnerabilities may exist across related plugin components, potentially indicating broader security gaps in the WPZOOM plugin suite.
Mitigation strategies for this vulnerability should focus on immediate remediation through plugin updates to the latest version where the XSS flaw has been addressed. System administrators should also implement additional security measures such as role-based access control restrictions, regular security audits of installed plugins, and monitoring for suspicious user activities. The vulnerability demonstrates the importance of proper input validation and output escaping practices, which align with ATT&CK framework techniques targeting credential access and persistence through web application vulnerabilities. Organizations should also consider implementing web application firewalls and content security policies to provide additional layers of protection against similar attacks. Regular security assessments of third-party WordPress plugins remain essential for maintaining overall system security posture, as this vulnerability highlights the risks associated with insufficient sanitization practices in web application components.