CVE-2025-69319
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| beaver_builder | beaver_builder_lite | 2.9.4.1 |
| beaver_builder | beaver_builder | From 2.9.4.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69319 is a Code Injection vulnerability in the Beaver Builder WordPress plugin (versions up to 2.9.4.1). It allows a malicious actor with at least Contributor or Developer privileges to remotely execute arbitrary malicious code on a vulnerable site. This means an attacker can inject and run harmful code, potentially compromising the affected website. [1]
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary code execution on your WordPress site, allowing attackers to take control, manipulate data, deface the site, or use it as a platform for further attacks. It poses a significant security risk and can compromise the integrity, confidentiality, and availability of your website. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability affects Beaver Builder Plugin versions up to 2.9.4.1. Detection involves verifying the plugin version installed on your WordPress site. You can check the plugin version via the WordPress admin dashboard or by running commands on the server such as: `wp plugin list | grep beaver-builder-lite-version` if WP-CLI is installed. Additionally, monitoring for suspicious requests related to code injection attempts can help detect exploitation attempts. Patchstack provides mitigation rules that block related requests, which can also be used to detect attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Beaver Builder Plugin to version 2.9.4.2 or later, which resolves the vulnerability. Until the update can be applied, applying the Patchstack mitigation rule that blocks all legitimate and illegitimate requests related to this vulnerability is recommended to prevent exploitation. Using Patchstack's automatic mitigation and auto-update features can also help ensure rapid protection. [1]