A high-severity vulnerability has been identified in the Beaver Builder plugin for WordPress, impacting all versions up to and including 2. This flaw allows any authenticated user, regardless of their permission level, to access and modify website data. Successful exploitation could lead to unauthorized changes to the website's content and structure, potentially causing website defacement and reputational damage.

The vulnerability is a Broken Access Control issue caused by a missing capability check on the duplicate_wpml_layout AJAX function. This function is intended for users with higher privileges to duplicate page layouts. Because the check is missing, any authenticated user, including those with low-level permissions like a 'Subscriber', can send a crafted request to the server to trigger this function, allowing them to duplicate and potentially modify site layouts and data without proper authorization.

This vulnerability is rated as High severity with a CVSS score of 8.1. Exploitation could lead to significant business disruption, including website defacement, unauthorized content modification, and potential injection of malicious content, which could mislead visitors or harm the organization's brand. The integrity of the website is at risk, as an attacker with minimal access can alter its appearance and content, leading to a loss of customer trust and potential financial impact depending on the nature of the website.

Immediate Action: Immediately update the "Beaver Builder – WordPress Page Builder" plugin to the latest version provided by the vendor, which contains a patch for this vulnerability. As a secondary best practice, review all installed WordPress plugins and themes, deactivating and removing any that are no longer necessary to reduce the overall attack surface.

Proactive Monitoring: Monitor web server and WAF (Web Application Firewall) logs for suspicious POST requests to wp-admin/admin-ajax.php that contain the action duplicate_wpml_layout, especially if originating from users with low-privilege roles. Implement a file integrity monitoring (FIM) solution to alert on unexpected changes to theme and plugin files or website content.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) rule to specifically block or log any requests attempting to call the duplicate_wpml_layout function. Alternatively, temporarily disable the Beaver Builder plugin until it can be safely updated, but be aware this will likely impact website functionality and page rendering.

Public Exploit Available: False

Given the high CVSS score of 8.1 and the risk of unauthorized data modification by any authenticated user, it is strongly recommended that organizations prioritize the immediate remediation of this vulnerability. Although this CVE is not currently listed on the CISA KEV list, the potential for brand damage and website integrity loss is significant. The primary and most effective course of action is to update the affected Beaver Builder plugin to the latest secure version without delay.