exploitDog

CVE-2021-42748

Опубликовано: 10 янв. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.

Ссылки

https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content/
Patch
Vendor Advisory
https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve/
Exploit
Third Party Advisory
https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content/
Patch
Vendor Advisory
https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*

Версия до 2.5.1 (исключая)

cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:professional:wordpress:*:*

Версия до 2.5.1 (исключая)

EPSS

Процентиль: 37%

0.00157

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-xqcg-xx67-m64q

CVSS3: 5.3

github

около 4 лет назад

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.

EPSS

Процентиль: 37%

0.00157

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-425