Vulnerabilities > Brainstormforce > Low

DATE CVE VULNERABILITY TITLE RISK
2021-11-17 CVE-2021-42360 Resource Injection vulnerability in Brainstormforce Starter Templates
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. 		3.5
3.5
2021-05-05 CVE-2021-24256 Cross-site Scripting vulnerability in Brainstormforce Elementor - Header, Footer & Blocks Template
The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. 		3.5
3.5
2021-05-05 CVE-2021-24271 Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Elementor
The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. 		3.5
3.5