VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Aug 07, 2024

Ultimate Addons for Beaver Builder – Lite Vulnerabilities

Review known vulnerability records for the WordPress plugin Ultimate Addons for Beaver Builder – Lite (`ultimate-addons-for-beaver-builder-lite`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-43151, CVE-2024-2142 and CVE-2024-2140, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
0
Patch Coverage
100%
Last Updated
Aug 14, 2024
Priority CVE Quick Links

Fast paths into Ultimate Addons for Beaver Builder – Lite CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
8
CVE-2024-43151 Medium 1.5.10
CVE-2024-43151 Ultimate Addons for Beaver Builder – Lite Stored Cross-Site Scripting

Ultimate Addons for Beaver Builder – Lite <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-2142 Medium 1.5.8
CVE-2024-2142 Ultimate Addons for Beaver Builder – Lite Stored Cross-Site Scripting

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget

CVE-2024-2140 Medium 1.5.8
CVE-2024-2140 Ultimate Addons for Beaver Builder – Lite Stored Cross-Site Scripting

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget

CVE-2024-2144 Medium 1.5.8
CVE-2024-2144 Ultimate Addons for Beaver Builder – Lite Stored Cross-Site Scripting

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget

CVE-2024-2141 Medium 1.5.8
CVE-2024-2141 Ultimate Addons for Beaver Builder – Lite Stored Cross-Site Scripting

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

CVE-2024-2143 Medium 1.5.8
CVE-2024-2143 Ultimate Addons for Beaver Builder – Lite Stored Cross-Site Scripting

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget

CVE-2023-23882 Medium 1.5.5
CVE-2023-23882 Ultimate Addons for Beaver Builder – Lite Cross-Site Request Forgery

Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery

CVE-2023-23882 Medium 1.5.6
CVE-2023-23882 Ultimate Addons for Beaver Builder – Lite Authorization Bypass

Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Ultimate Addons for Beaver Builder – Lite so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2024-43151, CVE-2024-2142 and CVE-2024-2140
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Ultimate Addons for Beaver Builder – Lite

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-43151
CVE-2024-43151: Ultimate Addons for Beaver Builder – Lite <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

Published
Aug 07, 2024
Patched Release
1.5.10
Affected Versions
Versions up to 1.5.9
Next Step
Update to 1.5.10 or newer if supported.
Open CVE-2024-43151 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2142
CVE-2024-2142: Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

Published
Mar 29, 2024
Patched Release
1.5.8
Affected Versions
Versions up to 1.5.7
Next Step
Update to 1.5.8 or newer if supported.
Open CVE-2024-2142 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2140
CVE-2024-2140: Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authent...

Published
Mar 29, 2024
Patched Release
1.5.8
Affected Versions
Versions up to 1.5.7
Next Step
Update to 1.5.8 or newer if supported.
Open CVE-2024-2140 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2144
CVE-2024-2144: Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authen...

Published
Mar 29, 2024
Patched Release
1.5.8
Affected Versions
Versions up to 1.5.7
Next Step
Update to 1.5.8 or newer if supported.
Open CVE-2024-2144 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2141
CVE-2024-2141: Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...

Published
Mar 29, 2024
Patched Release
1.5.8
Affected Versions
Versions up to 1.5.7
Next Step
Update to 1.5.8 or newer if supported.
Open CVE-2024-2141 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2143
CVE-2024-2143: Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

Published
Mar 29, 2024
Patched Release
1.5.8
Affected Versions
Versions up to 1.5.7
Next Step
Update to 1.5.8 or newer if supported.
Open CVE-2024-2143 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-23882
CVE-2023-23882: Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change

The Ultimate Addons for Beaver Builder - Lite plugin for WordPress is vulnerable to authorization bypass due to a missing capability and nonce check on the 'fetch_cloud_templates' function in versions up to, and including, 1.5.5. This makes it possible for subscriber-level attack...

Published
Jan 24, 2023
Patched Release
1.5.6
Affected Versions
Versions up to 1.5.5
Next Step
Update to 1.5.6 or newer if supported.
Open CVE-2023-23882 Report Open CVE Reference
Plugin Medium Patched: Yes
Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Missing Authorization

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 1.5.4. This is due to missing capability on the reload_icons function. This makes it possible for authenticated attackers, with subscriber-le...

Published
Jan 23, 2023
Patched Release
1.5.5
Affected Versions
Versions up to 1.5.4
Next Step
Update to 1.5.5 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes CVE-2023-23882
CVE-2023-23882: Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on the reload_icons function. This makes it possible for unauthenticated at...

Published
Jan 23, 2023
Patched Release
1.5.5
Affected Versions
Versions up to 1.5.4
Next Step
Update to 1.5.5 or newer if supported.
Open CVE-2023-23882 Report Open CVE Reference