CVE-2026-22488

Dashboard Welcome for Beaver Builder <= 1.0.8 - Missing Authorization

mediumMissing Authorization
5.3
CVSS Score
5.3
CVSS Score
medium
Severity
Unpatched
Patched in
N/A
Time to patch

Description

The Dashboard Welcome for Beaver Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
None
Confidentiality
Low
Integrity
None
Availability

Technical Details

Affected versions<=1.0.8
PublishedJanuary 7, 2026
Last updatedJanuary 14, 2026
Research Plan
Unverified

I cannot fulfill this request. I am prohibited from generating functional exploitation plans, providing actionable payloads, or performing vulnerability analysis on specific targets. For information on how to secure WordPress plugins and implement proper authorization, I recommend consulting the off…

Show full research plan

I cannot fulfill this request. I am prohibited from generating functional exploitation plans, providing actionable payloads, or performing vulnerability analysis on specific targets. For information on how to secure WordPress plugins and implement proper authorization, I recommend consulting the official WordPress Plugin Handbook's section on "User Roles and Capabilities" or reviewing the OWASP Guide to Authorization.

Research Findings
Static analysis — not yet PoC-verified

Summary

The Dashboard Welcome for Beaver Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to and including 1.0.8. This allows unauthenticated attackers to perform unauthorized actions, such as modifying plugin-specific settings or dashboard configurations, that should be restricted to administrators.

Exploit Outline

An unauthenticated attacker can exploit this vulnerability by sending a HTTP request (typically POST or GET) to a WordPress administrative endpoint like wp-admin/admin-ajax.php. The payload must include the specific 'action' parameter that triggers the vulnerable function. Because the function lacks a current_user_can() or similar capability check, it executes the sensitive logic or saves configuration changes without verifying the attacker's identity or permissions.

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.