CVE-2026-2029 | Livemesh Addons for Beaver Builder Plugin up to 3.9.2 on WordPress Shortcode htmlspecialchars_decode title/value cross site scripting

Inserito da Angelo Barbosa | Feb 25, 2026 | CVE

A vulnerability identified as problematic has been detected in Livemesh Addons for Beaver Builder Plugin up to 3.9.2 on WordPress. This issue affects the function htmlspecialchars_decode of the component Shortcode Handler. Performing a manipulation of the argument title/value results in cross site scripting.

This vulnerability is cataloged as CVE-2026-2029. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2026-2029 | Livemesh Addons for Beaver Builder Plugin up to 3.9.2 on WordPress Shortcode htmlspecialchars_decode title/value cross site scripting

Post correlati

CVE-2024-6625 | m_uysl WP Total Branding Plugin up to 1.2 on WordPress Setting cross site scripting

CVE-2024-43781 | Siemens SINUMERIK 828D/SINUMERIK ONE Create MyConfig log file (ssa-097786)

CVE-2025-53696 | Johnson Controls iSTAR Ultra up to 6.9.2 Firmware code download

CVE-2025-27156 | Enalean Tuleap Community Edition/Tuleap Enterprise Edition HTML Email HTML injection (GHSA-x2v2-xr59-c9cf)