Bypassing Conditional Logic Controls in Beaver Themer for Post Archives

Bypassing Conditional Logic Controls in Beaver Themer for Post Archives

CVE-2021-42749 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set.

Learn more about our Web Application Penetration Testing UK.