Filtered by vendor Brainstormforce
Total: 105 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25058 | 1 Brainstormforce | 1 Schema | 2025-06-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | ||||
| CVE-2024-1564 | 1 Brainstormforce | 1 Schema | 2025-06-27 | 4.3 Medium |
| The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode | ||||
| CVE-2025-3513 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | 3.5 Low |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-3514 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | 3.5 Low |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-43151 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9. | ||||
| CVE-2023-51398 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | 8.8 High |
| Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14. | ||||
| CVE-2023-51401 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | 6.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13. | ||||
| CVE-2025-3471 | 1 Brainstormforce | 1 Sureforms | 2025-05-09 | 4.9 Medium |
| The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action | ||||
| CVE-2020-36656 | 1 Brainstormforce | 1 Spectra | 2025-04-23 | 5.4 Medium |
| The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. | ||||
| CVE-2023-23730 | 1 Brainstormforce | 1 Spectra | 2025-04-10 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through 2.3.0. | ||||
| CVE-2023-23735 | 1 Brainstormforce | 1 Spectra | 2025-03-01 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through 2.3.0. | ||||
| CVE-2021-42360 | 1 Brainstormforce | 1 Starter Templates | 2025-02-14 | 7.6 High |
| On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page. | ||||
| CVE-2024-37455 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2025-02-07 | 8.8 High |
| Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31. | ||||
| CVE-2022-46851 | 1 Brainstormforce | 1 Starter Templates | 2025-01-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. | ||||
| CVE-2024-37278 | 1 Brainstormforce | 1 Cards For Beaver Builder | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Cards for Beaver Builder. This issue affects Cards for Beaver Builder: from n/a through 1.1.4. | ||||
| CVE-2024-33933 | 1 Brainstormforce | 1 Elementor - Header, Footer & Blocks Template | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS. This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35. | ||||
| CVE-2023-51376 | 1 Brainstormforce | 1 Surefeedback | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34. | ||||
| CVE-2023-44151 | 1 Brainstormforce | 1 Pre-publish Checklist | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist. This issue affects Pre-Publish Checklist: from n/a through 1.1.1. | ||||
| CVE-2023-44148 | 1 Brainstormforce | 1 Astra | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit. This issue affects Astra Bulk Edit: from n/a through 1.2.7. | ||||
| CVE-2023-41805 | 1 Brainstormforce | 1 Starter Templates | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites. This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5. | ||||