Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| The Beaver Builder Team | Beaver Builder Plugin (Starter Version) | unaffected |
|
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
|
The Beaver Builder Team
Subscribe
|
Beaver Builder
Subscribe
|
|
Wordpress
Subscribe
|
Wordpress
Subscribe
|
Project Subscriptions
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 19 Dec 2025 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Fastlinemedia
Fastlinemedia beaver Builder |
|
| CPEs | cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:* | |
| Vendors & Products |
Fastlinemedia
Fastlinemedia beaver Builder |
Fri, 24 Oct 2025 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
The Beaver Builder Team
The Beaver Builder Team beaver Builder Wordpress Wordpress wordpress |
|
| Vendors & Products |
The Beaver Builder Team
The Beaver Builder Team beaver Builder Wordpress Wordpress wordpress |
Thu, 23 Oct 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 23 Oct 2025 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
| Title | Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'auto_play' | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-10-23T13:40:34.247Z
Reserved: 2025-07-31T17:54:38.284Z
Link: CVE-2025-8427
Vulnrichment
Updated: 2025-10-23T13:40:29.419Z
NVD
Status : Analyzed
Published: 2025-10-23T13:15:46.113
Modified: 2025-12-19T22:15:32.730
Link: CVE-2025-8427
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-10-24T10:17:00Z