{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2029", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-05T21:53:20.776Z", "datePublished": "2026-02-26T01:24:15.342Z", "dateUpdated": "2026-04-08T17:05:52.892Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:52.892Z"}, "affected": [{"vendor": "livemesh", "product": "Livemesh Addons for Beaver Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.9.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[labb_pricing_item]` shortcode's `title` and `value` attributes in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. Specifically, the plugin uses `htmlspecialchars_decode()` after `wp_kses_post()`, which decodes HTML entities back into executable code after sanitization has occurred. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc96b4f-256e-491b-9d27-de1adbf67643?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/includes/modules/labb-pricing-table/labb-pricing-table.php#L51"}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/includes/modules/labb-pricing-table/labb-pricing-table.php#L59"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "timeline": [{"time": "2026-02-25T12:50:36.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:12:33.215601Z", "id": "CVE-2026-2029", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:13:24.583Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2029", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T15:12:33.215601Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:12:43.320Z"}}], "cna": {"title": "Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "livemesh", "product": "Livemesh Addons for Beaver Builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.9.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-25T12:50:36.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc96b4f-256e-491b-9d27-de1adbf67643?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/includes/modules/labb-pricing-table/labb-pricing-table.php#L51"}, {"url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/includes/modules/labb-pricing-table/labb-pricing-table.php#L59"}], "descriptions": [{"lang": "en", "value": "The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[labb_pricing_item]` shortcode's `title` and `value` attributes in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. Specifically, the plugin uses `htmlspecialchars_decode()` after `wp_kses_post()`, which decodes HTML entities back into executable code after sanitization has occurred. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:52.892Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2029", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:05:52.892Z", "dateReserved": "2026-02-05T21:53:20.776Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-26T01:24:15.342Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[labb_pricing_item]` shortcode's `title` and `value` attributes in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. Specifically, the plugin uses `htmlspecialchars_decode()` after `wp_kses_post()`, which decodes HTML entities back into executable code after sanitization has occurred. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Livemesh Addons for Beaver Builder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los atributos 'title' y 'value' del shortcode '[labb_pricing_item]' en todas las versiones hasta la 3.9.2, inclusive, debido a una sanitizaci\u00f3n de entrada insuficiente y un escape de salida inadecuado. Espec\u00edficamente, el plugin utiliza 'htmlspecialchars_decode()' despu\u00e9s de 'wp_kses_post()', lo que decodifica las entidades HTML de nuevo a c\u00f3digo ejecutable despu\u00e9s de que se ha producido la sanitizaci\u00f3n. Esto hace posible que atacantes autenticados, con acceso de nivel Colaborador o superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2026-2029", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-26T02:16:24.723", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/includes/modules/labb-pricing-table/labb-pricing-table.php#L51"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/includes/modules/labb-pricing-table/labb-pricing-table.php#L59"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc96b4f-256e-491b-9d27-de1adbf67643?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.9.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Livemesh Addons for Beaver Builder", "source": "cna", "vendor": "livemesh"}, "product": "livemesh_addons_for_beaver_builder", "vendor": "livemesh"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T18:03:07.980505+00:00", "value": {"mitigation_remediation": ["Upgrade Livemesh Addons for Beaver Builder to a version newer than 3.9.2 that contains the XSS fix.", "Edit any pages or posts containing the `[labb_pricing_item]` shortcode to remove or replace injected JavaScript, and resave the content to ensure sanitization is re\u2011applied.", "Until a patch is applied, restrict Contributor and higher roles from editing content that uses the shortcode, or disable the shortcode altogether, to prevent further injections."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting (XSS) via shortcode attributes"}, "threat_synthesis": {"affected_systems": "All installations of the Livemesh Addons for Beaver Builder plugin with version 3.9.2 or earlier are affected. The vulnerability exists in the plugin\u2019s core module that processes the `[labb_pricing_item]` shortcode within WordPress pages and posts.\n", "description_and_impact": "The Livemesh Addons for Beaver Builder plugin for WordPress contains a Stored XSS flaw in the `[labb_pricing_item]` shortcode. When the shortcode\u2019s `title` and `value` attributes are supplied, the plugin first sanitizes the input with `wp_kses_post()` and then undecodes it with `htmlspecialchars_decode()`. This bypasses the sanitization, allowing an authenticated Contributor or higher to inject arbitrary JavaScript that executes whenever any user views the page. An attacker could steal session cookies, deface content, or perform other malicious client\u2011side actions, breaking confidentiality, integrity, and potentially availability of the site. The flaw aligns with CWE\u201179.\n", "risk_and_exploitability": "The CVSS v3 base score is 6.4, indicating moderate severity. The EPSS score is below 1\u202f%, reflecting a low probability that the vulnerability is actively exploited at present, and the flaw is not yet listed in the CISA KEV catalog. An attacker must be authenticated with Contributor\u2011level or higher privileges to inject malicious payloads. Once injected, the script runs for all visitors to the affected page, making the risk of credential theft or defacement significant if the attacker gains such access."}}}}, "created": "2026-02-26T13:10:01.596573+00:00", "updated": "2026-04-15T18:15:10.814127+00:00", "vendors": ["livemesh", "livemesh$PRODUCT$livemesh_addons_for_beaver_builder", "wordpress", "wordpress$PRODUCT$wordpress"]}