CVE-2026-32395
Received Received - Intake
Missing Authorization in Xpro Addons for Beaver Builder

Publication date: 2026-03-13

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32395
EUVD
EUVD-2026-11909
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
xpro xpro_addons_for_beaver_builder_lite From 1.0.0 (inc) to 1.5.6 (inc)
xpro xpro_addons_for_beaver_builder_lite to 1.5.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-32395 is a Broken Access Control vulnerability in the WordPress plugin "Xpro Addons For Beaver Builder – Lite" versions up to and including 1.5.6.'}, {'type': 'paragraph', 'content': 'The issue arises from missing authorization, authentication, or nonce token checks in certain functions, which allows unauthenticated users to perform actions that should be restricted to higher-privileged users.'}, {'type': 'paragraph', 'content': 'This vulnerability falls under the OWASP Top 10 category A1: Broken Access Control.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "Because the vulnerability allows unauthenticated users to perform privileged actions, it can lead to unauthorized modifications or misuse of the plugin's features."}, {'type': 'paragraph', 'content': 'However, the CVSS score of 5.3 indicates a low severity impact, and the vulnerability is considered unlikely to be exploited.'}, {'type': 'paragraph', 'content': 'To mitigate the risk, users should update the plugin to version 1.5.7 or later, where the issue is resolved.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability arises from missing authorization checks in the Xpro Addons For Beaver Builder – Lite WordPress plugin versions up to 1.5.6, allowing unauthenticated users to perform privileged actions.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you can check the installed version of the plugin to see if it is version 1.5.6 or earlier.'}, {'type': 'paragraph', 'content': 'Suggested commands to check the plugin version on a WordPress installation include:'}, {'type': 'list_item', 'content': 'Using WP-CLI: wp plugin list | grep xpro-addons-beaver-builder-elementor'}, {'type': 'list_item', 'content': 'Manually checking the plugin\'s readme or main plugin file for the version number, e.g., cat wp-content/plugins/xpro-addons-beaver-builder-elementor/readme.txt | grep "Stable tag"'}, {'type': 'paragraph', 'content': 'Additionally, monitoring HTTP requests for unauthorized access attempts to plugin-specific endpoints or functions could help detect exploitation attempts, but specific commands or signatures are not provided.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the Xpro Addons For Beaver Builder – Lite plugin to version 1.5.7 or later, where the vulnerability is fixed.'}, {'type': 'paragraph', 'content': 'Patchstack offers auto-update options for affected plugins to ensure rapid mitigation.'}, {'type': 'paragraph', 'content': "Until the update is applied, restricting access to the plugin's functionality or disabling the plugin temporarily can reduce risk."}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32395. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart