Ultimate Addons for Beaver Builder < 1.25.0 - Cross-Site Scripting (XSS)



Description
From the plugin's changelog file:

"22 Jan 2020

Important Security Update: Update Now!

A security researcher privately reported a bug about cross-site scripting (XSS) vulnerability. Our team immediately took action, and provided the required patch within 2 hours, releasing the update on the same day after thorough validation.

Users don’t need to panic. We haven’t heard of any exploit attempts using this vulnerability. However, we strongly recommend all our users to update Ultimate Addons for Beaver Builder as soon as possible."

Affects Plugin

fixed in version 1.25.0
- plugin closed

References

URL https://www.ultimatebeaver.com/changelog/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Website https://redearthdesign.com
Submitter Twitter redearthdesign
Views 612
Verified No
WPVDB ID 10141

Timeline

Publicly Published 2020-01-22 (4 months ago)
Added 2020-03-23 (2 months ago)
Last Updated 2020-03-24 (2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin