CVE-2019-25763
published 2026-06-20

CVE-2019-25763: WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by…

Priority: P261 · critical · CVSS 3.1: 9.8

AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H

EPSS: 0.43% (34.3th percentile)
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ultimatebeaver | ultimate_addons_for_beaver_builder | <= 1.2.4.1 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Ultimatebeaver Ultimate Addons for Beaver Builder 1.2.4.1 on Beaver admin-ajax.php authentication bypass (Exploit 47832 / EUVD-2019-20199)
vuldb·2026-06-20·CVSS 9.8
CVE-2019-25763 [CRITICAL] Ultimatebeaver Ultimate Addons for Beaver Builder 1.2.4.1 on Beaver admin-ajax.php authentication bypass (Exploit 47832 / EUVD-2019-20199)
A vulnerability was found in Ultimatebeaver Ultimate Addons for Beaver Builder 1.2.4.1 on Beaver. It has been declared as critical. The affected element is an unknown function of the file admin-ajax.php. Executing a manipulation can lead to authentication bypass using alternate channel.
This vulnerability is tracked as CVE-2019-25763. The attack can be launched remotely. Moreover, an exploit is present.
It is recommended to upgrade the affected component.
GHSA
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functio
ghsa_unreviewed·2026-06-20
CVE-2019-25763 [CRITICAL] CWE-288 WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functio
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-20