CVE-2025-69319
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-27

Assigner: Patchstack

Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-27
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69319
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
beaver_builder beaver_builder_lite 2.9.4.1
beaver_builder beaver_builder From 2.9.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69319 is a Code Injection vulnerability in the Beaver Builder WordPress plugin (versions up to 2.9.4.1). It allows a malicious actor with at least Contributor or Developer privileges to remotely execute arbitrary malicious code on a vulnerable site. This means an attacker can inject and run harmful code, potentially compromising the affected website. [1]

Impact Analysis

This vulnerability can lead to arbitrary code execution on your WordPress site, allowing attackers to take control, manipulate data, deface the site, or use it as a platform for further attacks. It poses a significant security risk and can compromise the integrity, confidentiality, and availability of your website. [1]

Detection Guidance

The vulnerability affects Beaver Builder Plugin versions up to 2.9.4.1. Detection involves verifying the plugin version installed on your WordPress site. You can check the plugin version via the WordPress admin dashboard or by running commands on the server such as: `wp plugin list | grep beaver-builder-lite-version` if WP-CLI is installed. Additionally, monitoring for suspicious requests related to code injection attempts can help detect exploitation attempts. Patchstack provides mitigation rules that block related requests, which can also be used to detect attempts. [1]

Mitigation Strategies

Immediate mitigation steps include updating the Beaver Builder Plugin to version 2.9.4.2 or later, which resolves the vulnerability. Until the update can be applied, applying the Patchstack mitigation rule that blocks all legitimate and illegitimate requests related to this vulnerability is recommended to prevent exploitation. Using Patchstack's automatic mitigation and auto-update features can also help ensure rapid protection. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart