CVE-2024-2187 in Beaver Builder Addons Plugin
Summary
by MITRE • 04/09/2024
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/15/2025
The vulnerability identified as CVE-2024-2187 affects the Beaver Builder Addons plugin developed by WPZOOM, specifically targeting the Testimonials widget functionality within WordPress environments. This issue represents a critical security flaw that undermines the integrity of web applications by allowing malicious actors to execute unauthorized scripts within the context of legitimate user sessions. The vulnerability exists in all plugin versions up to and including 1.3.4, making it a widespread concern for WordPress administrators who have not yet updated their installations. The security weakness stems from inadequate input sanitization mechanisms and insufficient output escaping protocols that fail to properly validate or encode user-supplied data before it is processed and rendered within web pages.
The technical exploitation of this vulnerability occurs through stored cross-site scripting mechanisms that enable authenticated attackers with contributor-level privileges or higher to inject malicious JavaScript code into the Testimonials widget configuration. When legitimate users access pages containing the compromised widget, the injected scripts execute automatically within their browser context, potentially leading to session hijacking, credential theft, or further exploitation of the compromised user's privileges. This type of vulnerability falls under the CWE-79 category of Cross-Site Scripting, specifically classified as a stored XSS variant where malicious input is permanently stored on the server and subsequently served to other users. The attack vector is particularly concerning because it requires only contributor-level access, which is often granted to trusted users who may not be fully aware of the security implications of their actions.
The operational impact of CVE-2024-2187 extends beyond simple script execution, potentially enabling sophisticated attack chains that leverage the compromised environment for broader security breaches. Attackers can craft malicious testimonials that contain embedded scripts designed to steal cookies, redirect users to malicious sites, or even establish persistent backdoors within the WordPress installation. The vulnerability's presence in the Testimonials widget means that any page displaying this content becomes a potential attack surface, affecting all users who view these pages. This makes the impact particularly severe in collaborative environments where multiple contributors may have access to the content management system, as a single compromised contributor account can lead to widespread script injection across the entire website. The vulnerability aligns with ATT&CK technique T1566.001 for credential access through phishing and T1059.007 for command and scripting interpreter through JavaScript execution.
Mitigation strategies for CVE-2024-2187 should prioritize immediate plugin updates to the latest available version that addresses the sanitization and escaping deficiencies. Administrators must ensure that all users with contributor-level access or higher undergo security training to understand the potential risks of injecting content that could be exploited. The implementation of Content Security Policy headers can provide additional protection layers against script execution, while regular security audits of plugin configurations should be conducted to identify and remediate similar vulnerabilities. Input validation should be strengthened to properly sanitize all user-supplied data, and output escaping mechanisms must be enforced to prevent the execution of malicious scripts. Organizations should also implement monitoring systems to detect unusual content injection patterns and maintain updated threat intelligence to identify potential exploitation attempts. The vulnerability demonstrates the critical importance of proper input validation and output encoding practices as outlined in OWASP Top Ten security principles, particularly emphasizing the need for defense-in-depth strategies that protect against both authenticated and unauthenticated attack vectors.