Vulnerabilities > Brainstormforce > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-33933 Cross-site Scripting vulnerability in Brainstormforce Elementor - Header, Footer & Blocks Template
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35.
network
low complexity
brainstormforce CWE-79
5.4
2024-07-22 CVE-2024-37278 Cross-site Scripting vulnerability in Brainstormforce Cards for Beaver Builder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Cards for Beaver Builder.This issue affects Cards for Beaver Builder: from n/a through 1.1.4.
network
low complexity
brainstormforce CWE-79
5.4
2024-07-17 CVE-2024-5251 Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_pricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
brainstormforce CWE-79
5.4
2024-07-17 CVE-2024-5252 Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_table shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
brainstormforce CWE-79
5.4
2024-07-17 CVE-2024-5253 Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ult_team shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
brainstormforce CWE-79
5.4
2024-07-17 CVE-2024-5254 Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
brainstormforce CWE-79
5.4
2024-07-17 CVE-2024-5255 Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_dual_color shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
brainstormforce CWE-79
5.4
2024-06-19 CVE-2023-41805 Missing Authorization vulnerability in Brainstormforce Starter Templates
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.
network
low complexity
brainstormforce CWE-862
6.5
2024-06-14 CVE-2023-51376 Missing Authorization vulnerability in Brainstormforce Surefeedback
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.
network
low complexity
brainstormforce CWE-862
4.3
2024-06-13 CVE-2024-5757 Cross-site Scripting vulnerability in Brainstormforce Elementor - Header, Footer & Blocks Template
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping.
network
low complexity
brainstormforce CWE-79
5.4