CVE-2019-25763NVD

Vulnerability Summary

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.

Severity Level

CRITICAL(9.8)

Published Date

Jun 20, 2026

Last Modified

Jun 21, 2026

Exploitation Status

No confirmed exploitation yet

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.exploit-db.com/exploits/47832
https://www.ultimatebeaver.com/
https://www.vulncheck.com/advisories/wordpress-ultimate-addons-for-beaver-builder-authentication-bypass