{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12934", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-09T21:45:35.493Z", "datePublished": "2025-12-23T09:20:01.516Z", "dateUpdated": "2026-04-08T17:18:40.037Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:18:40.037Z"}, "affected": [{"vendor": "beaverbuilder", "product": "Beaver Builder Page Builder \u2013 Drag and Drop Website Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.9.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary posts with the content of other existing posts, potentially exposing private and password-protected content and deleting any content that is not saved in revisions or backups. Posts must have been created with Beaver Builder to be copied or updated."}], "title": "Beaver Builder \u2013 WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2db74d-61b9-498a-a0d8-e43466b06f37?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/trunk/classes/class-fl-builder-model.php#L181"}, {"url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/trunk/classes/class-fl-builder-model.php#L5490"}, {"url": "https://plugins.trac.wordpress.org/changeset/3425646/beaver-builder-lite-version/trunk"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "timeline": [{"time": "2025-11-09T22:01:42.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-22T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-23T15:24:21.144519Z", "id": "CVE-2025-12934", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-23T15:24:27.106Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-23T15:24:21.144519Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-23T15:24:23.794Z"}}], "cna": {"title": "Beaver Builder \u2013 WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}}], "affected": [{"vendor": "beaverbuilder", "product": "Beaver Builder Page Builder \u2013 Drag and Drop Website Builder", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.9.4.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-09T22:01:42.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-22T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2db74d-61b9-498a-a0d8-e43466b06f37?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/trunk/classes/class-fl-builder-model.php#L181"}, {"url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/trunk/classes/class-fl-builder-model.php#L5490"}, {"url": "https://plugins.trac.wordpress.org/changeset/3425646/beaver-builder-lite-version/trunk"}], "descriptions": [{"lang": "en", "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary posts with the content of other existing posts, potentially exposing private and password-protected content and deleting any content that is not saved in revisions or backups. Posts must have been created with Beaver Builder to be copied or updated."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-23T09:20:01.516Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12934", "state": "PUBLISHED", "dateUpdated": "2025-12-23T15:24:27.106Z", "dateReserved": "2025-11-09T21:45:35.493Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-23T09:20:01.516Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary posts with the content of other existing posts, potentially exposing private and password-protected content and deleting any content that is not saved in revisions or backups. Posts must have been created with Beaver Builder to be copied or updated."}], "id": "CVE-2025-12934", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-23T10:15:42.953", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/trunk/classes/class-fl-builder-model.php#L181"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/trunk/classes/class-fl-builder-model.php#L5490"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3425646/beaver-builder-lite-version/trunk"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2db74d-61b9-498a-a0d8-e43466b06f37?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T16:54:47.031906+00:00", "value": {"mitigation_remediation": ["Upgrade the Beaver Builder plugin to a version newer than 2.9.4.1 that implements the missing capability check for duplicate_wpml_layout.", "If an immediate upgrade is not possible, restrict the Subscriber role by removing the edit_posts capability using a role\u2011editor plugin so that these users cannot modify Beaver Builder posts.", "Periodically review post content and WordPress admin logs for unexpected duplication or overwrite actions, and ensure regular backups are in place to recover any lost content."], "summary": {"action": "Patch Now", "impact": "Unauthorized Post Modification"}, "threat_synthesis": {"affected_systems": "WordPress sites running any version of the Beaver Builder Page Builder \u2013 Drag and Drop Website Builder plugin up to and including 2.9.4.1 are vulnerable. Any post created with Beaver Builder can be duplicated or overwritten by users who have Subscriber-level access or higher.", "description_and_impact": "The Beaver Builder plugin contains a missing capability check in the duplicate_wpml_layout function. Authenticated users with a Subscriber role or higher can invoke this function to replace the content of any Beaver Builder post with that of another post. This allows the attacker to expose private or password\u2011protected information and to delete content that is not preserved in revisions or backups. The flaw directly compromises data integrity and confidentiality of posts created with Beaver Builder.", "risk_and_exploitability": "The CVSS score of 8.1 classifies this issue as high severity, while the EPSS score of less than 1% indicates a low but non\u2011zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only an authenticated WordPress login with Subscriber or greater privileges; the attacker can trigger the flawed function via the WordPress admin interface without needing elevated system privileges or remote code execution."}}}}, "created": "2025-12-23T22:39:42.190564+00:00", "updated": "2026-04-21T17:00:12.324208+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}