CVE-2022-2934: 
WordPress vulnerability analysis and mitigation

The Beaver Builder – WordPress Page Builder plugin for WordPress was found to contain a Stored Cross-Site Scripting vulnerability in versions up to and including 2.5.5.2. The vulnerability was identified in the 'Image URL' value within the Media block functionality (NVD, Wordfence).

The vulnerability stems from insufficient input sanitization and output escaping of the 'Image URL' value in the Media block. This security flaw has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) by NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Wordfence assessed it at 6.4 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (NVD).

The vulnerability allows authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising user data or enabling other malicious actions (NVD).

Users should upgrade to a version newer than 2.5.5.2 to address this vulnerability. The fix has been documented in the official changelog (Beaver Builder).