Vulnerabilities > Brainstormforce > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-17 | CVE-2023-23882 | Missing Authorization vulnerability in Brainstormforce Ultimate Addons for Beaver Builder Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | 4.3 |
| 2023-12-29 | CVE-2023-51397 | Cross-site Scripting vulnerability in Brainstormforce WP Remote Site Search Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4. | 5.4 |
| 2023-12-14 | CVE-2023-49833 | Cross-site Scripting vulnerability in Brainstormforce Spectra Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9. | 5.4 |
| 2023-12-07 | CVE-2023-41804 | Server-Side Request Forgery (SSRF) vulnerability in Brainstormforce Starter Templates Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. | 5.4 |
| 2023-10-27 | CVE-2023-46211 | Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder Auth. | 5.4 |
| 2023-07-01 | CVE-2020-36747 | Unspecified vulnerability in Brainstormforce Lightweight Sidebar Manager The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. | 4.3 |
| 2023-07-01 | CVE-2020-36737 | Unspecified vulnerability in Brainstormforce Import / Export Customizer Settings 1.0.1/1.0.2/1.0.3 The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. | 4.3 |
| 2023-06-07 | CVE-2020-36702 | Missing Authorization vulnerability in Brainstormforce Spectra The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. | 4.3 |
| 2023-02-21 | CVE-2020-36656 | Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. | 5.4 |
| 2020-05-17 | CVE-2020-13125 | Incorrect Permission Assignment for Critical Resource vulnerability in Brainstormforce Ultimate Addons for Elementor An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. | 6.4 |