CVE-2022-2716

Name of the Vulnerable Software and Affected Versions Beaver Builder versions up to, and including, 2.5.5.2

Description The issue exists due to insufficient input sanitization and output escaping in the 'Text Editor' block of the Beaver Builder plugin for WordPress. This allows authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. The exploitation of this issue can enable remote attackers to perform cross-site scripting attacks.

Recommendations For versions up to, and including, 2.5.5.2, update to a version that includes the necessary security patches to fix the insufficient input sanitization and output escaping in the 'Text Editor' block. As a temporary workaround, consider restricting access to the 'Text Editor' block in the Beaver Builder editor to minimize the risk of exploitation.