Brainstormforce CVEs and Security Vulnerabilities

Filtered by vendor Brainstormforce Subscriptions

Search

Switch to Advanced Search (Beta)

Total 64 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-51397	1 Brainstormforce	1 Wp Remote Site Search	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4.
CVE-2023-51376	1 Brainstormforce	1 Surefeedback	2024-11-21	4.3 Medium
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.
CVE-2023-49833	1 Brainstormforce	1 Spectra	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9.
CVE-2023-49830	1 Brainstormforce	1 Astra	2024-11-21	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.
CVE-2023-46211	1 Brainstormforce	1 Ultimate Addons For Wpbakery Page Builder	2024-11-21	6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.
CVE-2023-44151	1 Brainstormforce	1 Pre-publish Checklist	2024-11-21	5.4 Medium
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1.
CVE-2023-44148	1 Brainstormforce	1 Astra	2024-11-21	5.4 Medium
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.
CVE-2023-41805	1 Brainstormforce	1 Starter Templates	2024-11-21	6.5 Medium
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.
CVE-2023-41804	1 Brainstormforce	1 Starter Templates	2024-11-21	7.1 High
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.
CVE-2023-36685	1 Brainstormforce	1 Cartflows	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12.
CVE-2023-36684	1 Brainstormforce	1 Convert Pro	2024-11-21	7.1 High
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through 1.7.5.
CVE-2023-36682	1 Brainstormforce	1 Schema Pro	2024-11-21	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.
CVE-2023-36676	1 Brainstormforce	1 Spectra	2024-11-21	5.4 Medium
Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
CVE-2023-25058	1 Brainstormforce	1 Schema	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions.
CVE-2023-23882	1 Brainstormforce	1 Ultimate Addons For Beaver Builder	2024-11-21	4.3 Medium
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5.
CVE-2021-24507	1 Brainstormforce	1 Astra	2024-11-21	9.8 Critical
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues
CVE-2021-24271	1 Brainstormforce	1 Ultimate Addons For Elementor	2024-11-21	5.4 Medium
The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24256	1 Brainstormforce	1 Elementor - Header\, Footer \& Blocks Template	2024-11-21	5.4 Medium
The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2020-36747	1 Brainstormforce	1 Lightweight Sidebar Manager	2024-11-21	4.3 Medium
The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metbox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2020-36737	1 Brainstormforce	1 Import \/ Export Customizer Settings	2024-11-21	4.3 Medium
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

« first previous Page 3 of 4. next last »