Brainstormforce CVEs and Security Vulnerabilities

Filtered by vendor Brainstormforce Subscriptions

Search

Switch to Advanced Search (Beta)

Total 107 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-7465	2 Brainstormforce, Wordpress	2 Spectra Gutenberg Blocks – Website Builder For The Block Editor, Wordpress	2026-05-30	8.8 High
The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. Exploitation requires a two-block payload embedded in post content: the first block registers a fake uagb/-prefixed block type with an attacker-specified render_callback, and the second block of the same fake type triggers invocation of that callback via call_user_func() during sequential block rendering in the same page request.
CVE-2026-9065	2 Brainstormforce, Wordpress	2 Surecart, Wordpress	2026-05-20	N/A
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'. The root cause is a flawed escaping bypass in the query builder ('wp-query-builder'). Values passed to the 'where()' method are only sanitized via '$wpdb->prepare()' when they do not contain a dot ('.') or the WordPress table prefix ('wp_'). By including a dot anywhere in the payload, an attacker completely bypasses the escaping logic and injects arbitrary SQL into the 'WHERE' clause, allowing full UNION-based extraction of the database.
CVE-2026-42648	2 Brainstormforce, Wordpress	2 Spectra, Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.22.
CVE-2026-42377	2 Brainstormforce, Wordpress	2 Sureforms, Wordpress	2026-04-29	7.3 High
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0.
CVE-2026-39477	2 Brainstormforce, Wordpress	2 Cartflows, Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2.2.3.
CVE-2023-23834	1 Brainstormforce	1 Spectra	2026-04-28	4.3 Medium
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
CVE-2023-23825	1 Brainstormforce	1 Spectra	2026-04-28	3.1 Low
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
CVE-2023-23729	2 Brainstormforce, Wordpress	2 Spectra, Wordpress	2026-04-28	5.4 Medium
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
CVE-2023-51402	1 Brainstormforce	1 Ultimate Addons For Wpbakery Page Builder	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.
CVE-2023-51397	1 Brainstormforce	1 Wp Remote Site Search	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4.
CVE-2023-49830	1 Brainstormforce	1 Astra	2026-04-28	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.
CVE-2023-49833	1 Brainstormforce	1 Spectra	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9.
CVE-2023-46211	1 Brainstormforce	1 Ultimate Addons For Wpbakery Page Builder	2026-04-28	6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.
CVE-2023-41804	1 Brainstormforce	1 Starter Templates	2026-04-28	7.1 High
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.
CVE-2023-36684	1 Brainstormforce	1 Convert Pro	2026-04-28	7.1 High
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through 1.7.5.
CVE-2023-36682	1 Brainstormforce	1 Schema	2026-04-28	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.
CVE-2023-36685	1 Brainstormforce	1 Cartflows	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12.
CVE-2023-36679	1 Brainstormforce	1 Spectra	2026-04-28	7.1 High
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
CVE-2023-23882	1 Brainstormforce	1 Ultimate Addons For Beaver Builder	2026-04-28	4.3 Medium
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5.
CVE-2023-23738	1 Brainstormforce	1 Spectra	2026-04-28	5.3 Medium
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through 2.3.0.

Page 1 of 6. next last »