CVE-2024-2185 in Beaver Builder Addons Plugin
Summary
by MITRE • 04/09/2024
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/15/2025
The vulnerability identified as CVE-2024-2185 affects the Beaver Builder Addons plugin developed by WPZOOM, specifically targeting the Image Box widget functionality within WordPress environments. This security flaw exists in all versions up to and including 1.3.4, creating a persistent risk for websites utilizing this plugin. The vulnerability stems from inadequate input sanitization and insufficient output escaping mechanisms that fail to properly validate or escape user-supplied data before it is processed and rendered within web pages.
The technical implementation of this stored cross-site scripting vulnerability allows authenticated attackers who possess contributor-level permissions or higher to inject malicious scripts into the plugin's Image Box widget. When legitimate users access pages containing these injected scripts, the malicious code executes within their browser context, potentially leading to unauthorized data theft, session hijacking, or redirection to malicious websites. This type of vulnerability falls under the CWE-79 category of Cross-Site Scripting, specifically classified as a stored XSS variant where the malicious payload is permanently stored on the target server rather than being reflected in a single request.
From an operational standpoint, this vulnerability presents significant risk to WordPress websites that rely on the Beaver Builder plugin for page construction and content management. Attackers with contributor-level access can exploit this weakness to compromise the entire website's security posture, as the injected scripts can execute with the privileges of any user who views the affected pages. The impact extends beyond simple script execution since these scripts can potentially access cookies, localStorage, and other browser-based data storage mechanisms, enabling sophisticated attacks such as credential theft or privilege escalation. This vulnerability aligns with ATT&CK technique T1566.001 for initial access through spearphishing attachments and T1059.001 for command and scripting interpreter usage, demonstrating how a seemingly minor plugin vulnerability can facilitate broader attack vectors.
Organizations should immediately update to the latest version of the Beaver Builder Addons plugin to remediate this vulnerability, as no patch exists for versions prior to the fixed release. System administrators should also implement monitoring for unusual activity in contributor accounts and conduct regular security audits of installed plugins. Additional mitigations include implementing web application firewalls to detect and block suspicious script injections, restricting contributor-level permissions to only necessary functions, and maintaining comprehensive backup strategies to quickly restore affected systems. The vulnerability demonstrates the critical importance of input validation and output escaping in web applications, particularly in content management systems where user-generated content processing is prevalent. This issue underscores the necessity for continuous security assessment of third-party plugins and the implementation of defense-in-depth strategies to protect against such persistent threats.