Page 2 of 7 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-36425 – WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2022-36425

Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. Una vulnerabilidad de Control de Acceso Roto en el plugin Beaver Builder versiones anteriores a 2.5.4.3 incluyéndola, en WordPress. The Beaver Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_settings function in versions up to, and including, 2.5.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to disable the plugin. • https://patchstack.com/database/vulnerability/beaver-builder-lite-version/wordpress-beaver-builder-plugin-2-5-4-3-broken-access-control-vulnerability/_s_id=cve https://wordpress.org/plugins/beaver-builder-lite-version/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2021-42748

https://notcve.org/view.php?id=CVE-2021-42748

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. En Beaver Builder versiones hasta 2.5.0.3, los atacantes pueden omitir el mecanismo de protección de los controles de visibilidad por medio de la API REST • https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve • CWE-425: Direct Request ('Forced Browsing') •