CVE-2026-32395
Missing Authorization in Xpro Addons for Beaver Builder
Publication date: 2026-03-13
Last updated on: 2026-04-29
Assigner: Patchstack
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xpro | xpro_addons_for_beaver_builder_lite | From 1.0.0 (inc) to 1.5.6 (inc) |
| xpro | xpro_addons_for_beaver_builder_lite | to 1.5.6 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32395 is a Broken Access Control vulnerability in the WordPress plugin "Xpro Addons For Beaver Builder – Lite" versions up to and including 1.5.6.

The issue arises from missing authorization, authentication, or nonce token checks in certain functions, which allows unauthenticated users to perform actions that should be restricted to higher-privileged users.

This vulnerability falls under the OWASP Top 10 category A1: Broken Access Control. [1]

How can this vulnerability impact me?

Because the vulnerability allows unauthenticated users to perform privileged actions, it can lead to unauthorized modifications or misuse of the plugin's features.

However, the CVSS score of 5.3 indicates a low severity impact, and the vulnerability is considered unlikely to be exploited.

To mitigate the risk, users should update the plugin to version 1.5.7 or later, where the issue is resolved. [1]

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from missing authorization checks in the Xpro Addons For Beaver Builder – Lite WordPress plugin versions up to 1.5.6, allowing unauthenticated users to perform privileged actions.

To detect this vulnerability on your system, you can check the installed version of the plugin to see if it is version 1.5.6 or earlier.

Suggested commands to check the plugin version on a WordPress installation include:

- Using WP-CLI: `wp plugin list | grep xpro-addons-beaver-builder-elementor`
- Manually checking the plugin's readme or main plugin file for the version number, e.g., `cat wp-content/plugins/xpro-addons-beaver-builder-elementor/readme.txt | grep "Stable tag"`

Additionally, monitoring HTTP requests for unauthorized access attempts to plugin-specific endpoints or functions could help detect exploitation attempts, but specific commands or signatures are not provided. [1]
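The manual "Stable tag" check above, turned into a repeatable comparison against the fixed release; this is an added example, not code from the advisory or the plugin vendor. The function names and the sample readme files are constructed for illustration, and it assumes the readme's "Stable tag" matches the installed files.

```shell
#!/bin/sh
# Added example: classify an installed plugin copy from its readme.txt.
# 1.5.7 is the fixed release named in the advisory text above.
FIXED_VERSION="1.5.7"

# Print the "Stable tag" value of a WordPress readme.txt (first match only).
# [^[:space:]]* stops before a trailing CR, so CRLF files parse cleanly.
stable_tag() {
    sed -n 's/^[[:space:]]*[Ss]table [Tt]ag:[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# Succeed if dotted version $1 is strictly lower than $2, comparing each
# field numerically (so 1.5.10 > 1.5.7, unlike a plain string compare).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print "VULNERABLE <ver>", "PATCHED <ver>" or "UNKNOWN" for one readme.txt.
check_readme() {
    ver=$(stable_tag "$1" 2>/dev/null)
    case "$ver" in
        ''|*[!0-9.]*) echo "UNKNOWN"; return 0 ;;   # missing, "trunk", etc.
    esac
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE $ver"
    else
        echo "PATCHED $ver"
    fi
}

# Demo on constructed readme files (not taken from a real installation).
demo() {
    d=$(mktemp -d)
    printf '=== Constructed sample ===\nStable tag: 1.5.6\n' > "$d/old.txt"
    printf 'Stable tag: 1.5.7\r\n' > "$d/new.txt"
    check_readme "$d/old.txt"
    check_readme "$d/new.txt"
    rm -rf "$d"
}
demo
```

On a real site, pass `check_readme` the readme path quoted in the answer above; an `UNKNOWN` result means the version has to be read from the main plugin file instead.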
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Xpro Addons For Beaver Builder – Lite plugin to version 1.5.7 or later, where the vulnerability is fixed.

Patchstack offers auto-update options for affected plugins to ensure rapid mitigation.

Until the update is applied, restricting access to the plugin's functionality or disabling the plugin temporarily can reduce risk. [1]