PT-2020-6782 · Unknown · Beaver Builder

Zhouyuan Yang · Published 2020-06-05 · Updated 2022-09-13 · CVE-2022-2517

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Beaver Builder versions up to, and including, 2.5.5.2

Description: The issue arises from insufficient input sanitization and output escaping in the 'Caption - On Hover' value associated with images. This allows authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page. The vulnerability can be exploited by remote attackers to perform cross-site scripting attacks.

Recommendations: For versions up to, and including, 2.5.5.2, update to a version later than 2.5.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the Beaver Builder editor to minimize the risk of exploitation.
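The description names the root cause as missing output escaping of a stored caption value. The following is an added illustration, not Beaver Builder's code: a hypothetical render function that concatenates a stored hover caption straight into an HTML attribute, beside a version that escapes the value for the attribute context, plus a small review check that flags a rendered fragment in which the caption has broken out of its attribute. The caption string, the function names and the data-caption attribute are all constructed for the example.

```javascript
// Added illustration (not Beaver Builder code): rendering a stored
// "hover caption" into an HTML attribute with and without output escaping.

// Escape a string for use inside a double-quoted HTML attribute or a text node.
// All five significant characters are encoded, so the value can neither close
// the attribute it sits in nor open a new tag, whatever the stored text contains.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern (hypothetical): the stored caption is interpolated as-is,
// so a caption containing a double quote can terminate the attribute and the
// remainder is parsed as markup by the browser.
function renderImageUnsafe(src, hoverCaption) {
  return `<img src="${src}" data-caption="${hoverCaption}">`;
}

// Hardened pattern: every untrusted value is escaped for the context it is
// written into before it reaches the markup.
function renderImageSafe(src, hoverCaption) {
  return `<img src="${escapeHtml(src)}" data-caption="${escapeHtml(hoverCaption)}">`;
}

// Review check: count the tags in a rendered fragment. Rendering a single
// image must yield exactly one tag; any extra tag means a stored value has
// escaped its attribute and should be treated as a finding.
function countTags(html) {
  return (html.match(/<[a-zA-Z!\/][^>]*>/g) || []).length;
}

function isSingleImageTag(html) {
  return countTags(html) === 1;
}

// Constructed sample caption: a value that closes the attribute and adds
// harmless markup, used only to make the difference between the two renderers visible.
const constructedCaption = 'Sunset"><b>not a caption</b><span x="';

// Stand-alone run: shows the unescaped fragment failing the check and the
// escaped one passing it.
console.log(renderImageUnsafe("photo.jpg", constructedCaption));
console.log("single tag:", isSingleImageTag(renderImageUnsafe("photo.jpg", constructedCaption)));
console.log(renderImageSafe("photo.jpg", constructedCaption));
console.log("single tag:", isSingleImageTag(renderImageSafe("photo.jpg", constructedCaption)));
```

The point of the check is that "sanitizing" on the way in is not a substitute for escaping on the way out: the safe renderer accepts the same stored text and simply encodes it for the attribute context, which is what the fixed plugin versions have to do for the 'Caption - On Hover' field.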

Fix: XSS

Weakness Enumeration

Related Identifiers: BDU:2022-06379, CVE-2022-2517

Affected Products: Beaver Builder