Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-29	CVE-2023-51397	Unspecified vulnerability in Brainstormforce WP Remote Site Search 1.0.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4. network low complexity brainstormforce	5.4
2023-12-14	CVE-2023-49833	Unspecified vulnerability in Brainstormforce Spectra Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9. network low complexity brainstormforce	5.4
2023-12-07	CVE-2023-41804	Unspecified vulnerability in Brainstormforce Starter Templates Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. network low complexity brainstormforce	5.4
2023-10-27	CVE-2023-46211	Unspecified vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder Auth. network low complexity brainstormforce	5.4
2023-06-07	CVE-2020-36702	Missing Authorization vulnerability in Brainstormforce Spectra The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. network low complexity brainstormforce CWE-862	4.3
2023-02-21	CVE-2020-36656	Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. network low complexity brainstormforce CWE-79	5.4
2021-11-17	CVE-2021-42360	Unspecified vulnerability in Brainstormforce Starter Templates On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. network low complexity brainstormforce	5.4
2021-05-05	CVE-2021-24271	Unspecified vulnerability in Brainstormforce Ultimate Addons for Elementor The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. network low complexity brainstormforce	5.4
2021-05-05	CVE-2021-24256	Unspecified vulnerability in Brainstormforce Elementor - Header, Footer & Blocks Template The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. network low complexity brainstormforce	5.4
2020-05-17	CVE-2020-13125	Unspecified vulnerability in Brainstormforce Ultimate Addons for Elementor An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. network low complexity brainstormforce	6.5