Beaver Builder < 2.7.2.1 – Contributor+ Stored XSS | CVE 2023-50889

Affects Plugins

Fixed in 2.7.2.1

References

CVE

CVE-2023-50889

URL

https://patchstack.com/database/vulnerability/beaver-builder-lite-version/wordpress-beaver-builder-plugin-2-7-2-cross-site-scripting-xss-vulnerability

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.9 (medium)

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

a5b6de0b-0b10-4941-80c7-48d0dfef996a

Timeline

Publicly Published

2023-12-26 (about 2 years ago)

Added

2024-01-05 (about 2 years ago)

Last Updated

2024-01-05 (about 2 years ago)

Other

Published

Title

Published

2026-02-12

Title

Customer Reviews for WooCommerce < 5.98.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter

Published

2025-01-16

Title

WP-Player <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-12-13

Title

Use Your Drive < 1.18.3 - Reflected Cross-Site Scripting

Published

2024-04-09

Title

Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags

Published

2025-07-09

Title

Super Edit <= 2.5.4 - Reflected Cross-Site Scripting