CVE-2024-37500
WordPress Beaver Builder plugin <= 2.8.2.2 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.2.2.
We have discovered 58,665 live websites that are affected by CVE-2024-37500.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 58,665 live websites (39.62% of Beaver Builder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 306 versions ( 93.87% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 21, 2024
- Updated - Aug 2, 2024
Credits
- João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) (finder)
CWE
CVE References
CWE References
CVE-2024-37500 usage by Country
 United States | 41,431 websites |
 Germany | 2,454 websites |
 GB | 2,057 websites |
 Japan | 1,668 websites |
 France | 1,377 websites |
 Singapore | 1,032 websites |
 Australia | 958 websites |
 Netherlands | 925 websites |
 China | 786 websites |
 Canada | 605 websites |
CVE-2024-37500 usage by TLD
| .com | 39,631 websites |
| .org | 3,288 websites |
| .co.uk | 1,679 websites |
| .net | 1,452 websites |
| .com.au | 1,399 websites |
| .de | 1,374 websites |
| .ca | 1,042 websites |
| .nl | 965 websites |
| .jp | 469 websites |
| .fr | 463 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-37500
Top websites that are affected by CVE-2024-37500. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| **************.com | United States | **,*** | |
| ****.ca | United States | **,*** | |
| ****.net | United States | **,*** | |
| **********.com | United States | **,*** | |
| **************.com | United States | **,*** | |
| **************.org | Singapore | **,*** | |
| **********.com | United States | **,*** |
FAQ
CVE-2024-37500 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Beaver Builder
A total of 58,665 websites have been identified as vulnerable to CVE-2024-37500, discovered through global website indexing conducted by WebTechSurvey.
Beaver Builder is susceptible to CVE-2024-37500 vulnerability.
Beaver Builder versions before, and including, 2.8.2.2 are vulnerable to CVE-2024-37500.