Vulnerabilities > Brainstormforce
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-24 | CVE-2024-2618 | Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-23 | CVE-2024-1814 | Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-23 | CVE-2024-1815 | Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-17 | CVE-2023-51398 | Unspecified vulnerability in Brainstormforce Ultimate Addons for Beaver Builder Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14. | 8.8 |
| 2024-05-17 | CVE-2023-51401 | Unspecified vulnerability in Brainstormforce Ultimate Addons for Beaver Builder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13. | 6.5 |
| 2024-05-16 | CVE-2024-2619 | Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-16 | CVE-2024-4634 | Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2023-6486 | Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2305 | Cross-site Scripting vulnerability in Brainstormforce Cards for Beaver Builder The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-30 | CVE-2024-2140 | Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Beaver Builder The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. | 5.4 |