CVE-2021-42749

{"id": "CVE-2021-42749", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-01-10T14:10:24.003", "references": [{"url": "https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set."}, {"lang": "es", "value": "En Beaver Themer, los atacantes pueden omitir los controles de l\u00f3gica condicional (para ocultar el contenido) cuando son visualizados los archivos de las publicaciones. Una explotaci\u00f3n requiere que sea aplicado un dise\u00f1o de Themer a los archivos, y que el campo post excerpt no est\u00e9 configurado"}], "lastModified": "2024-11-21T06:28:05.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fastlinemedia:beaver_themer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7B335C2-2558-40F2-B12A-FA75E0354BAE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}