CVE-2021-42749

Опубликовано: 10 янв. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set.

Ссылки

https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content/
Patch
Vendor Advisory
https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve/
Exploit
Third Party Advisory
https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content/
Patch
Vendor Advisory
https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fastlinemedia:beaver_themer:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-h5m9-c2h6-x3rp

github

около 4 лет назад