CVE-2024-2186 in Beaver Builder Addons Plugin
Summary
by MITRE • 04/10/2024
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/15/2025
The vulnerability identified as CVE-2024-2186 affects the Beaver Builder Addons plugin developed by WPZOOM, specifically targeting the Team Members widget functionality within WordPress environments. This issue represents a critical security flaw that undermines the integrity of web applications by enabling malicious actors to execute unauthorized code within the context of affected websites. The vulnerability exists in plugin versions up to and including 1.3.4, making it a widespread concern for WordPress administrators who have not yet updated their installations. The flaw stems from inadequate input sanitization mechanisms and insufficient output escaping procedures that fail to properly validate or sanitize user-provided data before it is processed and rendered within web pages.
The technical exploitation of this vulnerability occurs through a stored cross-site scripting attack vector where authenticated attackers with contributor-level privileges or higher can inject malicious scripts into the Team Members widget configuration. These scripts become permanently stored within the application's database and execute whenever any user accesses pages containing the compromised widget. This type of vulnerability falls under the CWE-79 category of Cross-Site Scripting, specifically classified as a stored XSS flaw that allows attackers to persist malicious code within the application's data storage. The ATT&CK framework categorizes this as a code injection technique under the T1566.001 sub-technique, where adversaries leverage vulnerabilities in input validation to execute arbitrary code in the context of the victim's browser session.
The operational impact of CVE-2024-2186 extends beyond simple data theft or defacement, as it provides attackers with persistent access to compromised websites through legitimate user interactions. When compromised users browse pages containing the injected scripts, their browsers execute the malicious code, potentially leading to session hijacking, credential theft, or redirection to malicious sites. The vulnerability's accessibility to contributor-level users significantly amplifies its threat potential, as this privilege level typically allows users to modify content and widgets within WordPress installations, making it easier for attackers to establish persistent footholds within target environments. The stored nature of the XSS payload means that the malicious code remains active until manually removed by administrators, creating a long-term security risk that can affect all users who access compromised pages.
Mitigation strategies for CVE-2024-2186 require immediate action from WordPress administrators to upgrade the affected plugin to version 1.3.5 or later, which contains the necessary patches to address the input sanitization and output escaping deficiencies. System administrators should also implement additional security measures such as monitoring user activities for unauthorized widget modifications and conducting regular security audits of installed plugins. The vulnerability highlights the importance of proper input validation and output escaping practices in web application development, as recommended by the OWASP Top Ten security standards. Organizations should consider implementing Content Security Policy headers as an additional defense-in-depth measure to limit the execution of unauthorized scripts. Regular plugin updates and comprehensive security monitoring are essential practices to prevent exploitation of similar vulnerabilities that may arise from inadequate sanitization of user inputs in web applications.