CVE-2025-12782

EPSS 0.04%
Veröffentlicht 04.12.2025 06:48:39
Zuletzt bearbeitet 11.12.2025 18:17:25
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable() function. This makes it possible for authenticated attackers, with contributor level access and above, to disable the Beaver Builder layout on arbitrary posts and pages, causing content integrity issues and layout disruption on those pages.

Mögliche Gegenmaßnahme

Beaver Builder Page Builder – Drag and Drop Website Builder: Update to version 2.9.4.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Beaver Builder Page Builder – Drag and Drop Website Builder

Version *-2.9.4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fastlinemedia ≫ Beaver Builder SwEditionlite SwPlatformwordpress Version < 2.9.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.116

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.wordfence.com/threat-intel/vulnerabilities/id/710ed734-ca98-4ab3-82d5-359e683ee062?source=cve

Third Party Advisory

Product

https://plugins.trac.wordpress.org/changeset/3406987/beaver-builder-lite-version

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/710ed734-ca98-4ab3-82d5-359e683ee062

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-12782

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-12782

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-12782

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-12782