WordPress Plugin Vulnerabilities

Ultimate Addons for Beaver Builder <= 1.24.0 - Authentication Bypass

Description

A vulnerability affecting the Ultimate Addons for Beaver Builder WordPress plugin allows malicious users to authenticate as any other user due to the lack of checks when logging in via Facebook or Google.

Affects Plugins

Plugin icon
bb-ultimate-addon
Fixed in 1.24.1

References

Exploitdb
47832
URL
https://www.malcare.com/blog/critical-vulnerability-ultimate-addons-wpastra-elementor-beaver-builder/
URL
https://www.ultimatebeaver.com/security-update-1241/
URL
https://www.webarxsecurity.com/critical-vulnerability-in-ultimate-add-ons-elementor/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Original Researcher
MalCare
Verified
No
WPVDB ID
90f55278-73c2-44d2-8670-054ebc0953db

Timeline

Publicly Published
2019-12-12 (about 6 years ago)
Added
2019-12-12 (about 6 years ago)
Last Updated
2020-01-01 (about 6 years ago)

Other

Published
Title
Published
2025-06-11
Title
Workreap < 3.3.2 - Authentication Bypass via 'workreap_verify_user_account'
Published
2014-08-01
Title
G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities
Published
2024-08-14
Title
MStore API – Create Native Android & iOS Apps On The Cloud < 4.15.3 - Authentication Bypass to Account Takeover
Published
2024-11-05
Title
Heateor Social Login WordPress < 1.1.36 - Authentication Bypass
Published
2024-03-11
Title
Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access