CVE-2019-25763
Brainstorm Force · Ultimate Addons for Beaver Builder
Ultimate Addons for Beaver Builder contains an authentication bypass flaw in its social login functionality, allowing unauthorized access via crafted POST requests to the admin-ajax.php endpoint.
Executive summary
A critical authentication bypass vulnerability in the Ultimate Addons for Beaver Builder plugin allows unauthenticated attackers to obtain administrator sessions and gain full control over affected WordPress sites.
Vulnerability
This is an authentication bypass caused by improper validation in the plugin's social media login handler. An unauthenticated attacker can send a crafted POST request to the admin-ajax.php endpoint that the plugin accepts as a completed social login for an administrator account; WordPress then issues valid session cookies for that account, so the attacker is logged in as an administrator without ever supplying a password or passing the validation the social login flow is supposed to enforce.
Business impact
Successful exploitation grants an attacker full administrative access to the WordPress environment. Given the CVSS score of 9.8, this poses a severe risk of total system compromise, including the potential for data exfiltration, unauthorized content modification, and the installation of persistent malicious backdoors.
Remediation
Immediate Action: Update the Ultimate Addons for Beaver Builder plugin to the latest patched version provided by Brainstorm Force without delay.
Proactive Monitoring: Review web server access logs for anomalous POST requests to admin-ajax.php carrying the uabb-lf-google-submit action. Note that an AJAX action name normally travels in the POST body, which default Apache and nginx access logs do not record, so the action will only be visible in the access log when the client placed it in the query string; to see it otherwise, consult WAF or ModSecurity audit logs or log the request body at the application layer. A POST to admin-ajax.php from an IP address that shortly afterwards receives HTTP 200 on /wp-admin/ pages (rather than a 302 redirect to wp-login.php) is a strong indicator that the bypass succeeded.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules that block unauthenticated requests to admin-ajax.php carrying the uabb-lf-google-submit action, as well as other suspicious or malformed AJAX requests, until the patch can be applied.
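The following Python script is an added example of the log review step described above; it is not part of this advisory or of the vendor's tooling. It parses access-log lines in the default Apache/nginx combined format, flags every POST to admin-ajax.php (rated "high" when the uabb-lf-google-submit action is visible in the query string, "review" otherwise), and then looks for the post-exploitation signature of a successful bypass: the same source IP later receiving a 200 on a /wp-admin/ page instead of the 302 to wp-login.php that an unauthenticated client would get. The log lines embedded in the script are constructed for illustration and use documentation IP ranges; the regular expression assumes the combined log format and will need adjusting for other layouts.

```python
import re

# Combined log format as written by Apache and nginx by default.
# Assumption: the log under review uses this layout; adapt LOG_RE otherwise.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

AJAX_PATH = "/wp-admin/admin-ajax.php"
SUSPICIOUS_ACTION = "uabb-lf-google-submit"

# Constructed sample lines (not real traffic). 203.0.113.10 sends the
# social-login action in the query string and is then served /wp-admin/
# with a 200; 198.51.100.7 posts to admin-ajax.php (ordinary site AJAX)
# and is redirected away from /wp-admin/ as an anonymous client would be.
SAMPLE_LOG = [
    '203.0.113.10 - - [02/Dec/2019:10:15:03 +0000] "POST /wp-admin/admin-ajax.php?action=uabb-lf-google-submit HTTP/1.1" 200 512 "-" "python-requests/2.22.0"',
    '203.0.113.10 - - [02/Dec/2019:10:15:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 34210 "-" "python-requests/2.22.0"',
    '198.51.100.7 - - [02/Dec/2019:10:16:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 89 "https://example.com/contact/" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Dec/2019:10:16:41 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [02/Dec/2019:10:17:00 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    path, _, query = entry.pop("target").partition("?")
    entry["path"] = path
    entry["query"] = query
    entry["status"] = int(entry["status"])
    return entry


def classify(entry):
    """Label a POST to admin-ajax.php: 'high' if the social-login action is
    visible in the query string, 'review' for any other admin-ajax POST,
    None for everything else (GETs, other paths)."""
    if entry["method"] != "POST" or not entry["path"].endswith(AJAX_PATH):
        return None
    if SUSPICIOUS_ACTION in entry["query"]:
        return "high"
    return "review"


def scan(lines):
    """Return (label, entry) for every admin-ajax POST, in log order."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label:
            hits.append((label, entry))
    return hits


def confirmed_takeovers(lines):
    """Sorted IPs whose admin-ajax POST is later followed by a 200 on a
    /wp-admin/ page other than admin-ajax.php itself. WordPress sends an
    anonymous client a 302 to wp-login.php for those pages, so a 200 means
    the client now holds a logged-in session."""
    suspects, confirmed = set(), set()
    for entry in (parse_line(l) for l in lines):
        if entry is None:
            continue
        if classify(entry):
            suspects.add(entry["ip"])
        elif (entry["ip"] in suspects
              and "/wp-admin/" in entry["path"]
              and not entry["path"].endswith(AJAX_PATH)
              and entry["status"] == 200):
            confirmed.add(entry["ip"])
    return sorted(confirmed)


if __name__ == "__main__":
    for label, e in scan(SAMPLE_LOG):
        print(f"{label:6} {e['ip']:15} {e['ts']}  ?{e['query']}")
    print("confirmed takeovers:", confirmed_takeovers(SAMPLE_LOG))
```

Feed a real log to scan() and confirmed_takeovers() instead of SAMPLE_LOG, and treat a "review" hit as a starting point rather than a verdict: legitimate themes and plugins post to admin-ajax.php constantly, so the follow-up 200 on /wp-admin/ from an address that has never logged in before is the signal worth escalating. The "high" path only fires when the action is in the query string; bodies need the WAF or audit log noted above.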
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability permits complete site takeover with no prior authentication, so its severity cannot be overstated. Administrators must prioritize updating this plugin immediately to remove the risk of unauthorized administrative access, and should review access and WAF logs for the indicators above to determine whether the site was already compromised before the update.