Beaver Builder Page Builder – Drag and Drop Website Builder

Vulnerabilities 34Slug beaver-builder-lite-versionLatest version 2.10.1.5WordPress.org →

Minimum safe version

2.10.1.5

Update to 2.10.1.5 or later to address 34 fixable vulnerabilities

Latest available2.10.1.5
Medium 6.1
2025-08-28< 2.9.3.1

Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting

EUVDWordfenceCVE
N/A
2026-02-10< 2.10.0.6

Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings

WordfenceCVE
Medium 6.4
2026-04-08< 2.10.1.2

Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]'

EUVDWordfenceCVE
Medium 4.3
2025-12-09< 2.9.4.1

CVE-2025-12558

CVEWordfence
Medium 4.3
2025-12-04< 2.9.4.1

CVE-2025-12782

CVEWordfence
Medium 4.3
2025-12-02< 2.9.4.1

CVE-2025-11726

CVEWordfence
Medium 6.4
2024-12-13< 2.8.5.3

CVE-2024-11832

CVEWordfence
Medium 6.5
2024-12-26< 2.7.2.1

WordPress Beaver Builder Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

PatchstackCVEWordfenceWPScan
N/A
2016-02-08< 1.7.1

Beaver Builder – WordPress Page Builder (Free & Pro) <= 1.7 - Authorization Bypass

Wordfence
Medium 5.4
2023-07-20< 2.5.4.4

WordPress Beaver Builder Plugin <= 2.5.4.3 is vulnerable to Broken Access Control

PatchstackCVEWordfenceWPScan