WordPress Plugin Vulnerabilities

Ultimate Addons for Beaver Builder < 1.25.0 - Cross-Site Scripting (XSS)

Description

From the plugin's changelog file:

"22 Jan 2020

Important Security Update: Update Now!

A security researcher privately reported a bug about cross-site scripting (XSS) vulnerability. Our team immediately took action, and provided the required patch within 2 hours, releasing the update on the same day after thorough validation.

Users don’t need to panic. We haven’t heard of any exploit attempts using this vulnerability. However, we strongly recommend all our users to update Ultimate Addons for Beaver Builder as soon as possible."

Affects Plugins

Plugin icon
ultimate-addons-for-beaver-builder
Fixed in 1.25.0

References

URL
https://www.ultimatebeaver.com/changelog/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter website
https://redearthdesign.com
Submitter twitter
redearthdesign
Verified
No
WPVDB ID
af1fef9f-e671-4d61-a217-ce801c9f71f3

Timeline

Publicly Published
2020-01-22 (about 6 years ago)
Added
2020-03-23 (about 6 years ago)
Last Updated
2020-03-24 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
eShop - wp-admin/admin.php Multiple Parameter XSS
Published
2023-10-29
Title
Shortcode Menu <= 3.2 - Contributor+ Stored Cross-Site Scripting
Published
2024-08-29
Title
EU/UK VAT Manager for WooCommerce < 3.0.0 - Reflected Cross-Site Scripting
Published
2022-04-08
Title
Floating Chat Widget < 2.8.4 - Admin+ Stored Cross-Site Scripting
Published
2014-09-22
Title
Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS