Platform
wordpress
Component
beaver-builder-lite-version
Fixed in
2.9.5
CVE-2025-69319 describes a Code Injection vulnerability within Beaver Builder Lite Version, a WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially leading to complete website takeover and data exfiltration. The vulnerability impacts versions from 0.0 up to and including 2.9.4.1. A patch is available in version 2.9.4.2.
The Code Injection vulnerability in Beaver Builder Lite Version poses a significant risk to WordPress websites utilizing the plugin. An attacker could leverage this flaw to execute arbitrary PHP code on the server, effectively gaining control over the website's functionality. This could manifest in various ways, including defacement, data theft (user credentials, sensitive information stored in the database), malware injection, and the installation of backdoors for persistent access. The potential blast radius extends beyond the immediate website, potentially impacting connected systems and user data. Successful exploitation could lead to a complete compromise of the WordPress installation and associated data.
As of the publication date (2026-01-22), there is no indication of active exploitation of CVE-2025-69319. The vulnerability is not currently listed in the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of immediate exploitation. However, because code injection vulnerabilities are generally easy to exploit, exploits are likely to emerge over time.
WordPress websites using Beaver Builder Lite Version are at risk. Specifically, sites running older versions (0.0 - 2.9.4.1) are highly vulnerable. Shared hosting environments are particularly susceptible, as they often have limited control over plugin updates and security configurations. Websites with custom Beaver Builder Lite Version integrations or modifications are also at increased risk.
• wordpress / composer / npm:
grep -r 'eval(base64_decode(' /var/www/html/wp-content/plugins/beaver-builder-lite-version/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/beaver-builder-lite-version/ | grep PHP
Exploit Status
EPSS
0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-69319 is to immediately upgrade Beaver Builder Lite Version to version 2.9.4.2 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the Beaver Builder Lite Version plugin. While not a complete solution, implementing strict input validation and sanitization on any user-supplied data processed by the plugin can help reduce the attack surface. Monitor WordPress access logs for unusual PHP execution patterns or attempts to access sensitive files. After upgrading, confirm the fix by attempting to inject a simple PHP payload through a vulnerable input field and verifying that it is properly sanitized and does not execute.
Update to version 2.9.4.2, or a newer patched version
CVE-2025-69319 is a Code Injection vulnerability affecting Beaver Builder Lite Version, allowing attackers to inject malicious code. It has a CVSS score of 7.5 (HIGH).
You are affected if you are using Beaver Builder Lite Version 0.0 through 2.9.4.1. Check your plugin version and update immediately if vulnerable.
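One way to run that version check across one or more WordPress roots, as an added example that is not code from the plugin or from this advisory. It assumes the plugin sits under wp-content/plugins/beaver-builder-lite-version and carries the standard WordPress "Version:" plugin header; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Beaver Builder Lite installs below the advisory's fixed version.
FIXED="2.9.4.2"                      # fixed version as stated in the advisory text
SLUG="beaver-builder-lite-version"   # plugin directory name used on this page

# version_lt A B: true when A is strictly older than B (needs sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# plugin_version DIR: print the "Version:" header from the file that carries
# the WordPress "Plugin Name:" header; print nothing if no such file exists.
plugin_version() {
  for f in "$1"/*.php; do
    [ -f "$f" ] || continue
    grep -q 'Plugin Name:' "$f" || continue
    sed -n 's|^[[:space:]*/#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*|\1|p' "$f" | head -n 1
    return 0
  done
}

# check_site WP_ROOT: prints one status line.
# Returns 0 = patched, 1 = vulnerable, 2 = plugin absent or version unreadable.
check_site() {
  dir="$1/wp-content/plugins/$SLUG"
  [ -d "$dir" ] || { echo "$1: plugin not installed"; return 2; }
  v="$(plugin_version "$dir")"
  [ -n "$v" ] || { echo "$1: version header not found"; return 2; }
  if version_lt "$v" "$FIXED"; then
    echo "$1: VULNERABLE ($v < $FIXED)"; return 1
  fi
  echo "$1: ok ($v)"; return 0
}

# make_site ROOT VERSION: build a constructed sample install for the demo.
make_site() {
  mkdir -p "$1/wp-content/plugins/$SLUG"
  printf '<?php\n/**\n * Plugin Name: Sample Builder (constructed)\n * Version: %s\n */\n' "$2" \
    > "$1/wp-content/plugins/$SLUG/main.php"
}

# Demo on constructed data; pass real WordPress roots as arguments instead.
if [ "$#" -gt 0 ]; then
  for root in "$@"; do check_site "$root" || true; done
else
  tmp="$(mktemp -d)"
  make_site "$tmp/a" 2.9.4.1; make_site "$tmp/b" 2.9.4.2; mkdir -p "$tmp/c"
  for s in a b c; do check_site "$tmp/$s" || true; done
  rm -rf "$tmp"
fi
```

The comparison uses sort -V rather than a string compare, so a four-part version such as 2.9.4.1 and a later 2.10.x release are both ordered correctly against the fixed version.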
Upgrade Beaver Builder Lite Version to version 2.9.4.2 or later to resolve the vulnerability. If immediate upgrade is not possible, disable the plugin temporarily.
As of the publication date, there is no evidence of active exploitation, but the vulnerability remains a risk.
Refer to the official Beaver Builder website and WordPress plugin repository for the latest security advisories and updates.