CVE-2024-0897
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 50,984 live websites that are affected by CVE-2024-0897.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 50,984 live websites (34.43% of Beaver Builder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 289 versions ( 88.65% of all versions) |
Details
- Published - Mar 13, 2024
- Updated - Aug 1, 2024
Credits
- Maxuel (finder)
CVE References
CVE-2024-0897 usage by Country
 United States | 35,813 websites |
 Germany | 2,095 websites |
 GB | 1,785 websites |
 Japan | 1,635 websites |
 France | 1,211 websites |
 Singapore | 987 websites |
 Australia | 815 websites |
 China | 780 websites |
 Netherlands | 744 websites |
 Canada | 499 websites |
CVE-2024-0897 usage by TLD
| .com | 34,784 websites |
| .org | 2,755 websites |
| .co.uk | 1,419 websites |
| .net | 1,283 websites |
| .com.au | 1,167 websites |
| .de | 1,138 websites |
| .ca | 888 websites |
| .nl | 775 websites |
| .jp | 461 websites |
| .fr | 366 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-0897
Top websites that are affected by CVE-2024-0897. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.com | United States | **,*** | |
| ****.ca | United States | **,*** | |
| ****.net | United States | **,*** | |
| **********.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| ********.com | United States | ***,*** | |
| *****.com | United States | ***,*** |
FAQ
A total of 50,984 websites have been identified as vulnerable to CVE-2024-0897, discovered through global website indexing conducted by WebTechSurvey.
Beaver Builder is susceptible to CVE-2024-0897 vulnerability.
Beaver Builder versions before, and including, 2.7.4.2 are vulnerable to CVE-2024-0897.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=