CVE-2019-25763

CRITICAL

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25763. PoCs published by Raphael Karger.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in WordPress Ultimate Addons for Beaver Builder by leveraging a nonce disclosure and a flawed AJAX endpoint to generate valid session cookies for a privileged user.

Description

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.

Exploits (1)

exploitdb · WORKING POC
by Raphael Karger · python · webapps · php
https://www.exploit-db.com/exploits/47832

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: WordPress Ultimate Addons for Beaver Builder < 1.2.4.1
No auth needed
Prerequisites: Valid admin/user email · Social media login form embedded in the target URL
devstral-2 · analyzed Jun 20, 2026

References (3)

Core References
Exploit: ExploitDB-47832
https://www.exploit-db.com/exploits/47832
Product: Official Product Homepage
https://www.ultimatebeaver.com/
Third Party Advisory: VulnCheck Advisory: WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass
https://www.vulncheck.com/advisories/wordpress-ultimate-addons-for-beaver-builder-authentication-bypass

Scores

CVSS v3: 9.8
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-288
Status: published
Products (1): Ultimatebeaver/Ultimate Addons for Beaver Builder < 1.2.4.1
Published: Jun 20, 2026
Tracked Since: Jun 20, 2026