CVE-2022-0176

Name of the Vulnerable Software and Affected Versions PowerPack Lite for Beaver Builder WordPress plugin versions prior to 1.2.9.3

Description The issue concerns a Reflected Cross-Site Scripting problem. It arises because the tab parameter is not properly sanitised and escaped before being outputted back in an admin page. This lack of sanitisation and escaping can lead to malicious script execution.

Recommendations For versions prior to 1.2.9.3, update to version 1.2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the tab parameter is outputted to minimize the risk of exploitation. Avoid using the tab parameter in the affected admin page until the issue is resolved.