Beaver Builder WordPress Page Builder Authorization Bypass Vulnerability in Versions Through 2.9.4
Vulnerability
A vulnerability allowing authorization bypass has been identified in the Beaver Builder WordPress Page Builder plugin, affecting all versions through 2.9.4. The issue arises because the plugin fails to properly verify user authorization in the 'disable()' function. This flaw enables authenticated attackers with contributor-level access or higher to disable the Beaver Builder layout on selected posts and pages, leading to disruptions in content integrity and layout.
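The gap between "is logged in as a contributor" and "may edit this particular post" can be shown with a small model. This is an added Python example, not Beaver Builder's code: the handler names, the role model (posts only) and the sample users and posts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

EDIT_ANY = {"editor", "administrator"}  # simplified WordPress role model

@dataclass
class User:
    id: int
    role: str

@dataclass
class Post:
    id: int
    author_id: int
    status: str  # "draft" or "publish"
    builder_enabled: bool = True

def can_edit_post(user, post):
    """Object-level check, the role played by current_user_can('edit_post', $id)."""
    if user.role in EDIT_ANY:
        return True
    if user.role == "author":
        return post.author_id == user.id
    if user.role == "contributor":  # own posts only, and not once published
        return post.author_id == user.id and post.status != "publish"
    return False

def disable_layout_unchecked(user, post):
    """Hypothetical handler: only asks whether the caller is contributor or above."""
    if user.role == "subscriber":
        return False
    post.builder_enabled = False
    return True

def disable_layout_checked(user, post):
    """Hypothetical handler: authorizes against the specific post before acting."""
    if not can_edit_post(user, post):
        return False
    post.builder_enabled = False
    return True

def unauthorized_changes(handler):
    """List (role, post id) pairs where handler changed a post the caller cannot
    edit. Users and posts are constructed: own draft, own published, other's."""
    users = [User(1, "contributor"), User(2, "editor")]
    hits = []
    for user in users:
        for post in (Post(10, 1, "draft"), Post(11, 1, "publish"), Post(12, 3, "publish")):
            if handler(user, post) and not can_edit_post(user, post):
                hits.append((user.role, post.id))
    return hits
```

Running `unauthorized_changes` over both handlers shows the unchecked one altering posts 11 and 12 for the contributor, while the checked one alters nothing the caller could not already edit.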
Impact
Exploitation of this vulnerability allows for unauthorized tampering with the Beaver Builder layout, causing disruptions in the visual presentation and organization of content on affected posts and pages.
Remediation
Users can update to Beaver Builder version 2.9.4.1 or a newer patched version to address this vulnerability.
