Beaver Builder, a widely used WordPress Page Builder, has been discovered to have an XSS vulnerability. This vulnerability could potentially allow an attacker to insert harmful scripts into a website, which would then execute when a visitor accesses a webpage.
Stored Cross Site Scripting (XSS) Vulnerability:
Beaver Builder, a widely used plugin, enables individuals to design a polished website effortlessly through a user-friendly drag and drop feature. Users have the option to begin with a pre-made template or build a website from the ground up.
Security researchers at Wordfence recently warned about a vulnerability in the page builder plugin that could be exploited by attackers. This type of vulnerability, known as an XSS vulnerability, is often found in themes or plugins that allow user input. The issue arises when the input is not filtered thoroughly enough, a process called input sanitization. Another issue that can lead to an XSS vulnerability is insufficient output escaping, a security measure that prevents harmful scripts from being executed in a site visitor's browser.
This particular vulnerability is known as a Stored XSS. In a Stored XSS attack, an attacker is able to inject a script directly onto the web server. This is different from a Reflected XSS attack, where a victim needs to click on a link to a compromised website to execute a malicious script. Generally, a Stored XSS vulnerability, such as the one affecting the Beaver Builder plugin, is considered more dangerous than a Reflected XSS vulnerability.
The security flaws that gave rise to the XSS vulnerability in Beaver Builder were insufficient input sanitization and insufficient output escaping.
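The two defenses named above, shown as an added example that is not Beaver Builder's code or taken from the Wordfence advisory: a hypothetical button renderer in plain PHP, first writing user-supplied settings into the markup as-is, then sanitizing and escaping them. The function names and the sample settings are assumptions made for illustration; inside WordPress the core helpers esc_url(), esc_attr() and esc_html() serve the same purpose as the esc() helper here.

```php
<?php
// Added illustration: a hypothetical button renderer, not the plugin's code.

// Weak form: user-supplied settings are concatenated into the markup as-is,
// so a quote character in a setting can end the attribute it was meant for.
function render_button_unsafe(array $s): string {
    return '<a href="' . $s['link'] . '" class="' . $s['class'] . '">'
         . $s['text'] . '</a>';
}

// Input sanitization: allow only http(s) links, fall back to '#' otherwise.
function sanitize_link(string $url): string {
    $url    = trim($url);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '#';
}

// Input sanitization: keep only characters that are valid in a class list.
function sanitize_classes(string $classes): string {
    return preg_replace('/[^A-Za-z0-9_\- ]/', '', $classes);
}

// Output escaping: encode HTML metacharacters, including both quote styles.
function esc(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: sanitize on the way in, escape on the way out.
function render_button_safe(array $s): string {
    $link  = sanitize_link($s['link'] ?? '');
    $class = sanitize_classes($s['class'] ?? '');
    return '<a href="' . esc($link) . '" class="' . esc($class) . '">'
         . esc($s['text'] ?? '') . '</a>';
}

// Constructed sample settings, as a contributor-level user might save them.
$settings = [
    'link'  => 'javascript:void(0)',
    'class' => 'btn" onmouseover="console.log(1)',
    'text'  => '<b>Read more</b>',
];

echo render_button_unsafe($settings), PHP_EOL; // extra attribute reaches the page
echo render_button_safe($settings), PHP_EOL;   // same input rendered inert
```

Comparing the two printed lines shows why both layers matter: sanitization rejects the non-http link and strips the quote from the class value, and escaping ensures the button text is displayed rather than parsed as markup.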
Wordfence described the vulnerability:
The Beaver Builder – WordPress Page Builder plugin for WordPress has a vulnerability to Stored Cross-Site Scripting through the plugin’s Button Widget. This vulnerability exists in all versions up to 2.8.0.5. It occurs due to inadequate input sanitization and output escaping on user-supplied attributes. As a result, authenticated attackers with contributor-level access and above can insert arbitrary web scripts into pages. These scripts will run whenever a user visits the affected page.
This vulnerability has a rating of 6.4, indicating a medium level threat. In order to exploit this vulnerability, attackers must first obtain contributor-level permissions. This requirement adds an extra layer of difficulty for attackers looking to take advantage of this vulnerability.
The official Beaver Builder changelog, which documents what’s contained in an update, notes that a patch was issued in version 2.8.0.7.
The changelog notes:
It's a good idea to address the XSS issue in the Button & Button Group Modules when using the lightbox.
It's important to update and patch vulnerabilities before they can be exploited by attackers. Before implementing the update, it's best to test it on a staging site to avoid any conflicts with other plugins or themes.
Read the Wordfence advisory:
Beaver Builder – WordPress Page Builder <= 2.8.0.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button
Editor's P/S:
The discovery of an XSS vulnerability in Beaver Builder, a popular WordPress page builder plugin, is a reminder of the importance of website security. This vulnerability could potentially allow attackers