PowerPack Lite for Beaver Builder Security & Risk Analysis

wordpress.org/plugins/powerpack-addon-for-beaver-builder

PowerPack Lite for Beaver Builder extends Beaver Builder with custom options, unique modules and templates.

7K active installs · v1.3.1 · PHP 7.4+ · WP 4.6+ · Updated Dec 7, 2024
Tags: beaver-addons, beaver-builder, beaver-builder-add-ons, beaver-builder-addon, beaver-builder-free

  • Score: 88 (A · Safe)
  • CVEs total: 5
  • Unpatched: 0
  • Last CVE: Dec 16, 2024

Safety Verdict

Is PowerPack Lite for Beaver Builder Safe to Use in 2026?

Generally Safe

Score 88/100

PowerPack Lite for Beaver Builder has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 16, 2024 · Updated 1yr ago

Risk Assessment

The static analysis of PowerPack Addon for Beaver Builder v1.3.1 presents a mixed security picture. On one hand, the absence of unprotected AJAX handlers, REST API routes, shortcodes, and cron events suggests a limited direct attack surface. The code also demonstrates good practices in using prepared statements for all SQL queries and includes nonce checks and capability checks, indicating an awareness of common WordPress security measures. However, a significant concern arises from the low percentage of properly escaped output (12%), which, coupled with taint analysis revealing flows with unsanitized paths, points to a high risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of file operations and external HTTP requests, while not inherently insecure, warrants careful review in conjunction with the output escaping issues.

The plugin's vulnerability history is a major red flag. With 5 known CVEs, including 1 high and 4 medium severity issues, and a recent vulnerability recorded in December 2024, the plugin has a consistent track record of security flaws. The common vulnerability types, namely Cross-site Scripting and PHP Remote File Inclusion, are precisely the types of issues that stem from poor input handling and unsanitized paths, aligning with the static analysis findings. The fact that all previously identified CVEs are currently patched is a positive sign, but the pattern of past vulnerabilities suggests a need for heightened vigilance and thorough code reviews for any future updates.

In conclusion, while PowerPack Addon for Beaver Builder v1.3.1 has some strengths in its minimal direct attack surface and use of prepared statements, the pervasive lack of output escaping and the historical pattern of XSS and RFI vulnerabilities create a significant risk. The taint analysis confirming unsanitized paths exacerbates these concerns. Users should be aware of the potential for XSS and the need for careful review of any updates, as the plugin has demonstrated a tendency towards these types of issues.

Key Concerns

  • Low output escaping percentage (12%)
  • Taint flows with unsanitized paths (3)
  • Vulnerability history: 1 high severity CVE
  • Vulnerability history: 4 medium severity CVEs
  • File operations present
  • External HTTP requests present

Vulnerabilities: 5

PowerPack Lite for Beaver Builder Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2024: 4 CVEs

Severity Breakdown

  • High: 1
  • Medium: 4

5 total CVEs

CVE-2024-12239 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter

Dec 16, 2024 Patched in 1.3.1 (1d)

CVE-2024-37409 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Lite for Beaver Builder <= 1.3.0.4 - Authenticated (Editor+) Stored Cross-Site Scripting

Jun 28, 2024 Patched in 1.3.0.5 (5d)

CVE-2024-37410 · high · 7.2 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

PowerPack Lite for Beaver Builder <= 1.3.0.3 - Authenticated (Editor+) Local File Inclusion

Jun 28, 2024 Patched in 1.3.0.4 (5d)

CVE-2024-2289 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Lite for Beaver Builder <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via element link

Mar 18, 2024 Patched in 1.3.0.1 (136d)

CVE-2022-0176 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Lite for Beaver Builder <= 1.2.9.2 Reflected Cross-Site Scripting

Jan 12, 2022 Patched in 1.2.9.3 (741d)
Code Analysis
Analyzed Mar 16, 2026

PowerPack Lite for Beaver Builder Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 1151 (159 escaped)
  • Nonce Checks: 1
  • Capability Checks: 6
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

12% escaped · 1310 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths

  • save_integration (classes\class-admin-settings.php:263)

Attack Surface

PowerPack Lite for Beaver Builder Attack Surface

  • Entry Points: 0
  • Unprotected: 0
  • WordPress Hooks: 39

WordPress Hooks

  • action init (bb-powerpack-lite.php:81)
  • action plugins_loaded (bb-powerpack-lite.php:82)
  • action wp_enqueue_scripts (bb-powerpack-lite.php:83)
  • action wp_enqueue_scripts (bb-powerpack-lite.php:84)
  • action wp_head (bb-powerpack-lite.php:85)
  • action admin_notices (bb-powerpack-lite.php:86)
  • action network_admin_notices (bb-powerpack-lite.php:87)
  • filter body_class (bb-powerpack-lite.php:88)
  • action plugins_loaded (classes\class-admin-settings.php:47)
  • action admin_menu (classes\class-admin-settings.php:63)
  • action network_admin_menu (classes\class-admin-settings.php:64)
  • action admin_enqueue_scripts (classes\class-admin-settings.php:67)
  • action wp_enqueue_scripts (classes\class-module-fields.php:30)
  • action fl_builder_control_pp-radio (classes\class-module-fields.php:32)
  • action fl_builder_control_pp-checkbox (classes\class-module-fields.php:33)
  • action fl_builder_control_pp-toggle (classes\class-module-fields.php:34)
  • action fl_builder_control_pp-multitext (classes\class-module-fields.php:35)
  • action fl_builder_control_pp-color (classes\class-module-fields.php:36)
  • action fl_builder_control_pp-switch (classes\class-module-fields.php:37)
  • action fl_builder_control_pp-separator (classes\class-module-fields.php:38)
  • action fl_builder_control_pp-css-class (classes\class-module-fields.php:39)
  • action fl_builder_control_pp-datepicker (classes\class-module-fields.php:40)
  • action fl_builder_control_pp-hidden (classes\class-module-fields.php:41)
  • action fl_builder_control_pp-hidden-textarea (classes\class-module-fields.php:42)
  • action fl_builder_control_pp-normal-date (classes\class-module-fields.php:43)
  • action fl_builder_control_pp-evergreen-date (classes\class-module-fields.php:44)
  • action fl_builder_before_render_module (classes\class-module-fields.php:46)
  • action fl_builder_custom_fields (classes\class-module-fields.php:47)
  • filter wpml_beaver_builder_modules_to_translate (classes\class-wpml-compatibility.php:5)
  • filter fl_builder_get_layout_metadata (includes\column-settings.php:46)
  • action admin_notices (includes\notice.php:19)
  • action admin_init (includes\notice.php:93)
  • action wp_footer (includes\panel-functions.php:48)
  • filter fl_builder_render_css (includes\row-css.php:6)
  • filter fl_builder_register_settings_form (includes\row-settings.php:6)
  • filter fl_builder_register_settings_form (includes\row-settings.php:9)
  • filter pp_row_settings_tab_sections (includes\row-settings.php:10)
  • filter fl_builder_get_layout_metadata (includes\row-settings.php:179)
  • action fl_builder_before_render_row_bg (includes\row.php:14)

Maintenance & Trust

PowerPack Lite for Beaver Builder Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Dec 7, 2024
  • PHP min version: 7.4
  • Downloads: 237K

Community Trust

  • Rating: 100/100
  • Number of ratings: 243
  • Active installs: 7K

Developer Profile

PowerPack Lite for Beaver Builder Developer Profile

IdeaBox Creations

8 plugins · 112K total installs

  • Trust score: 71
  • Avg Security Score: 88/100
  • Avg Patch Time: 201 days

Detection Fingerprints

How We Detect PowerPack Lite for Beaver Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/css/animate.min.css
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/css/fields.css
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/fields.js
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/css/panel.css
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/panel.js
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/modernizr.custom.53451.js
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/twitter-widgets.js

Script Paths

  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/modernizr.custom.53451.js
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/twitter-widgets.js
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/fields.js
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/panel.js

Version Parameters

  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/css/animate.min.css?ver=
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/css/fields.css?ver=
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/fields.js?ver=
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/css/panel.css?ver=
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/panel.js?ver=
  • /wp-content/plugins/powerpack-addon-for-beaver-builder/assets/js/twitter-widgets.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bb-powerpack
  • bb-powerpack-search-enabled
  • bb-powerpack-ui

JS Globals

  • pp_get_admin_label

FAQ

Frequently Asked Questions about PowerPack Lite for Beaver Builder