Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Stored XSS.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.5.
Published: 2025-05-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper neutralization of input during web page generation, enabling the storage of malicious scripts that are later displayed on the website. As a result, browsers rendering affected pages may execute arbitrary JavaScript, presenting a client‑side attack surface.

Affected Systems

The Xpro Addons For Beaver Builder – Lite WordPress plugin, from the earliest release through version 1.5.5, is affected.

Risk and Exploitability

With a CVSS score of 6.5, the flaw is rated as moderate. The EPSS score is below 1 %, indicating a low probability of exploitation at the time of analysis. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector involves an attacker submitting crafted input via a web form or admin interface that the plugin stores and later displays, and based on the description it is inferred that the stored data is rendered without proper escaping. Remote users who view the affected pages would be susceptible to the injected scripts.

Generated by OpenCVE AI on April 30, 2026 at 19:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Xpro Addons For Beaver Builder – Lite to a version newer than 1.5.5.
  • If an instant upgrade is not feasible, temporarily deactivate or uninstall the plugin to remove the attack surface.
  • Apply a web application firewall or input sanitization rule that blocks script payloads in the plugin’s data fields until a patch is applied.

Generated by OpenCVE AI on April 30, 2026 at 19:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-28152 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder &#8211; Lite allows Stored XSS. This issue affects Xpro Addons For Beaver Builder &#8211; Lite: from n/a through 1.5.5.
History

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder &#8211; Lite xpro-addons-beaver-builder-elementor allows Stored XSS.This issue affects Xpro Addons For Beaver Builder &#8211; Lite: from n/a through <= 1.5.5. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Stored XSS.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.5.

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder &#8211; Lite allows Stored XSS. This issue affects Xpro Addons For Beaver Builder &#8211; Lite: from n/a through 1.5.5. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder &#8211; Lite xpro-addons-beaver-builder-elementor allows Stored XSS.This issue affects Xpro Addons For Beaver Builder &#8211; Lite: from n/a through <= 1.5.5.
Title WordPress Xpro Addons For Beaver Builder – Lite <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Mon, 19 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 19 May 2025 15:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder &#8211; Lite allows Stored XSS. This issue affects Xpro Addons For Beaver Builder &#8211; Lite: from n/a through 1.5.5.
Title WordPress Xpro Addons For Beaver Builder – Lite <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:18:34.515Z

Reserved: 2025-05-19T14:12:49.258Z

Link: CVE-2025-48232

cve-icon Vulnrichment

Updated: 2025-05-19T15:11:37.075Z

cve-icon NVD

Status : Deferred

Published: 2025-05-19T15:15:25.497

Modified: 2026-04-28T19:32:39.820

Link: CVE-2025-48232

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T20:00:14Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')