CVE-2021-42748

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*
cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:professional:wordpress:*:*

History

21 Nov 2024, 06:28

Type Values Removed Values Added
References () https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content/ - Patch, Vendor Advisory () https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content/ - Patch, Vendor Advisory
References () https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve/ - Exploit, Third Party Advisory () https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve/ - Exploit, Third Party Advisory

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-668 CWE-425

Information

Published : 2022-01-10 14:10

Updated : 2024-11-21 06:28


NVD link : CVE-2021-42748

Mitre link : CVE-2021-42748

CVE.ORG link : CVE-2021-42748


JSON object : View

Products Affected

fastlinemedia

  • beaver_builder
CWE
CWE-425

Direct Request ('Forced Browsing')