Description
The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1.
Published: 2025-06-20
Score: 7.2 High
EPSS: 1.4% Low
KEV: No
Impact: Remote Code Execution (possible)
Action: Patch
AI Analysis

Impact

The Beaver Builder Plugin (Starter Version) allows authenticated administrators to upload arbitrary files because the 'save_enabled_icons' function does not validate the file type. This flaw can be leveraged to place malicious scripts on the server, enabling remote code execution if an attacker uploads a file that is executable by the web server. The weakness is a classic arbitrary file upload, classified as CWE-434.

Affected Systems

WordPress sites running the Beaver Builder Starter Edition (Lite) version 2.9.1 or earlier are affected. The affected products include all releases up to 2.9.1, as listed by the Beaver Builder Team. Hosts must run the plugin in WordPress and have an account with Administrator or higher privileges.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity vulnerability. The EPSS score of 1% shows that exploitation is considered likely but not extremely common. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known active exploits yet. Attackers would need authenticated access at an admin level, but once obtained they could upload and execute files without additional constraints, making this a significant threat for administrators who enable the icon upload feature.

Generated by OpenCVE AI on April 22, 2026 at 17:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Beaver Builder to the latest version (2.9.1 or newer) to remove the missing file type validation.
  • Disable or remove the 'save_enabled_icons' feature if it is not required for your site, thereby eliminating the upload vector.
  • Configure WordPress or the server to allow only trusted MIME types for uploads and enforce restrictive file permissions on the uploads directory to prevent execution of uploaded files.

Generated by OpenCVE AI on April 22, 2026 at 17:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-27983 The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1.
History

Fri, 11 Jul 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Fastlinemedia
Fastlinemedia beaver Builder
CPEs cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*
Vendors & Products Fastlinemedia
Fastlinemedia beaver Builder

Fri, 20 Jun 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 20 Jun 2025 11:30:00 +0000

Type Values Removed Values Added
Description The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1.
Title Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Fastlinemedia Beaver Builder
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:44:28.918Z

Reserved: 2025-04-29T22:35:47.730Z

Link: CVE-2025-4102

cve-icon Vulnrichment

Updated: 2025-06-20T12:49:11.835Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-20T12:15:22.140

Modified: 2025-07-11T12:39:11.507

Link: CVE-2025-4102

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T17:15:22Z

Weaknesses