XSS Vulnerability Affects Beaver Builder WordPress Page Builder

Stored Cross Site Scripting (XSS) Vulnerability in Beaver Builder WordPress Page Builder is a security flaw that arises from insufficient input sanitization and output escaping, allowing an attacker to inject harmful scripts directly onto the web server. This type of vulnerability is considered more dangerous than a reflected XSS because it doesn't require a victim to click a link to execute the malicious script.

To fix the XSS issue in Beaver Builder WordPress Page Builder, users should update to the patched version of the plugin, which is version 2.8.0.7 or higher. This update includes a fix for the XSS vulnerability, specifically in the Button & Button Group Modules when using lightbox, as noted in the official Beaver Builder changelog.

The Stored XSS vulnerability in Beaver Builder is rated as a 6.4 medium level threat because, while it allows attackers to inject arbitrary web scripts, they must first gain at least contributor-level access to the website. This requirement makes the vulnerability somewhat harder to exploit compared to vulnerabilities that can be exploited by unauthenticated attackers.