Cybersecurity Vulnerabilities

CVE-2025-11726: Beaver Builder Global Preset Vulnerability Exposes Websites

December 2, 2025 - By 

Overview

CVE-2025-11726 is a medium severity vulnerability affecting the Beaver Builder – WordPress Page Builder plugin for WordPress. Specifically, versions up to and including 2.9.4 are susceptible to Missing Authorization. This flaw allows authenticated attackers with contributor-level access or higher to modify or delete global color and background presets site-wide. These presets affect all content created with Beaver Builder, potentially leading to defacement or unwanted changes to the website’s appearance.

Technical Details

The vulnerability stems from insufficient capability checks within the ‘fl-controls/v1’ REST API endpoints. These endpoints control the global presets functionality within Beaver Builder. Authenticated users, even those with contributor roles (which typically have limited privileges), can access and manipulate these endpoints due to the missing authorization checks. This allows them to add, modify, or delete global color and background presets.

The vulnerable code can be seen in the following files (as of version 2.9.4):

CVSS Analysis

  • Severity: MEDIUM
  • CVSS Score: 4.3

A CVSS score of 4.3 indicates a medium severity vulnerability. The access complexity is low and no user interaction is required, however, exploitation requires authentication. This means an attacker must have valid user credentials to exploit the vulnerability. The impact is limited to modifications of site content and appearance.

Possible Impact

Successful exploitation of this vulnerability could lead to:

  • Website Defacement: Attackers could change the global color scheme and background presets, making the website look unprofessional or display unwanted content.
  • Loss of Brand Consistency: Altering global styles can disrupt the website’s branding and visual identity.
  • Denial of Service (Indirect): If critical styling elements are deleted, the website may become unusable or difficult to navigate.
  • Phishing Attacks (Potential): Although less direct, the vulnerability could be used as a component in more complex phishing attempts by altering the appearance of the website to trick users.

Mitigation and Patch Steps

The primary mitigation step is to update the Beaver Builder plugin to the latest version. The vulnerability has been patched in versions released after 2.9.4. To update:

  1. Log in to your WordPress admin dashboard.
  2. Navigate to “Plugins” -> “Installed Plugins”.
  3. Locate the “Beaver Builder” plugin.
  4. If an update is available, click “Update Now”.

You can review the changes introduced to fix the vulnerability here.

Additional Recommendations:

  • Review user roles and permissions, ensuring users have the least necessary privileges.
  • Monitor website activity for suspicious changes to global presets.

References

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *