CVE-2025-4102 – Beaver Builder Plugin for WordPress Arbitrary File Upload Vulnerability

June 20, 2025

CVE ID : CVE-2025-4102

Published : June 20, 2025, 12:15 p.m. | 2 hours, 28 minutes ago

Description : The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘save_enabled_icons’ function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6339 – Ponaravindb Hospital Management System SQL Injection

Next Article CVE-2025-6336 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-4102 – Beaver Builder Plugin for WordPress Arbitrary File Upload Vulnerability

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug

What Zen And The Art Of Motorcycle Maintenance Can Teach Us About Web Design

This critically acclaimed debut indie game is an early game of the year contender, and you can play it on Xbox Game Pass right now

Three Reasons Why the Browser is Best for Stopping Phishing Attacks

CVE-2025-1565 – WordPress Mayosis Core Plugin Arbitrary File Read Vulnerability

I’ve fallen in love with this stunning 5K monitor and its built-in KVM switch — it’s ideal for my creative projects

CVE-2025-40729 – Apache Customer Support System Reflected Cross-Site Scripting (XSS)

CVE-2025-47815 – GNU PSPP Heap-Based Buffer Overflow Vulnerability

CVE-2025-4219 – WordPress DPEPress Stored Cross-Site Scripting

CVE-2025-4102 – Beaver Builder Plugin for WordPress Arbitrary File Upload Vulnerability

Related Posts