Vulnerabilities > Brainstormforce

DATE CVE VULNERABILITY TITLE RISK
2024-06-19 CVE-2023-41805 Missing Authorization vulnerability in Brainstormforce Starter Templates
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.
network
low complexity
brainstormforce CWE-862
6.5
2024-06-19 CVE-2023-44148 Unspecified vulnerability in Brainstormforce Astra
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.
network
low complexity
brainstormforce
8.8
2024-06-19 CVE-2023-44151 Unspecified vulnerability in Brainstormforce Pre-Publish Checklist
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1.
network
low complexity
brainstormforce
8.8
2024-06-14 CVE-2023-51376 Missing Authorization vulnerability in Brainstormforce Surefeedback
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.
network
low complexity
brainstormforce CWE-862
4.3
2024-06-13 CVE-2024-5757 Cross-site Scripting vulnerability in Brainstormforce Elementor - Header, Footer & Blocks Template
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping.
network
low complexity
brainstormforce CWE-79
5.4
2024-06-03 CVE-2023-23735 Unspecified vulnerability in Brainstormforce Spectra
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0.
network
low complexity
brainstormforce
6.1
2024-05-24 CVE-2024-4366 Cross-site Scripting vulnerability in Brainstormforce Spectra
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping.
network
low complexity
brainstormforce CWE-79
5.4
2024-05-24 CVE-2024-1332 Cross-site Scripting vulnerability in Brainstormforce Custom Fonts
The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping.
network
low complexity
brainstormforce CWE-79
5.4
2024-05-24 CVE-2024-2618 Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping.
network
low complexity
brainstormforce CWE-79
5.4
2024-05-23 CVE-2024-1814 Cross-site Scripting vulnerability in Brainstormforce Spectra
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
brainstormforce CWE-79
5.4