CVE-2026-3897

MEDIUM

Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization

Title source: cna

Description

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `labb_admin_ajax` AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not check user capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to modify plugin settings and inject malicious scripts that execute when administrators access the plugin settings page or when any user visits the frontend.

References (4)

Core 4

Core References

https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc41c61-1d8a-445f-bd70-3b14a40c89d4?source=cve

https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/admin/admin-ajax.php#L64

https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/includes/helper-functions.php#L248

https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/admin/views/settings.php#L137

Scores

CVSS v3 6.4

EPSS 0.0022

EPSS Percentile 12.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

livemesh/Livemesh Addons for Beaver Builder < 3.9.2

Published May 27, 2026

Tracked Since May 27, 2026