PT-2025-34957 · WordPress · Beaver Builder – WordPress Page Builder

Jack Pas · Published 2025-08-28 · Updated 2025-08-28 · CVE-2025-8897

CVSS v3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Beaver Builder – WordPress Page Builder plugin versions prior to 2.9.2.1

Description:

The Beaver Builder – WordPress Page Builder plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. An unauthenticated attacker can inject arbitrary web scripts into a page, and they execute if a user is tricked into performing an action, such as clicking a link. The vulnerability occurs via the `fl_builder` parameter.

Recommendations:

Update Beaver Builder – WordPress Page Builder plugin to a version later than 2.9.2.1.
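
An added example, not part of the advisory or the plugin's code: a log check that flags requests whose query parameter named in the description (written `fl_builder` in request URLs) carries HTML or script markup after percent-decoding, including nested encoding. It assumes combined-format access logs and that legitimate builder requests send the parameter with no value or a plain token; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "fl_builder"  # parameter named in the advisory
# Characters and tokens needed to break out of an HTML or attribute context.
MARKUP = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.I)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, which can hide markup from simple filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_values(line):
    """Return decoded fl_builder values in one log line that carry markup."""
    m = REQUEST.search(line)
    if not m:
        return []
    hits = []
    # keep_blank_values so the normal valueless "?fl_builder" is parsed, not dropped
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if name.lower() == PARAM:
            value = fully_decode(value)
            if MARKUP.search(value):
                hits.append(value)
    return hits

def scan(lines):
    """Map 1-based line number -> flagged values for every suspicious line."""
    return {n: v for n, line in enumerate(lines, 1) if (v := suspicious_values(line))}

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.5 - - [28/Aug/2025:10:00:00 +0000] "GET /about/?fl_builder HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Aug/2025:10:01:00 +0000] "GET /?fl_builder=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [28/Aug/2025:10:02:00 +0000] "GET /?fl_builder=%2522%253E%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 5300',
    '198.51.100.7 - - [28/Aug/2025:10:03:00 +0000] "GET /?s=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, values in scan(SAMPLE).items():
        print(n, values)
```

A hit shows that a crafted link was requested, not that a script ran in a visitor's browser; correlate flagged requests with the referrer and the installed plugin version.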

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-8897

Affected Products

Beaver Builder – WordPress Page Builder