WordPress Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by kai63001 in WordPress Plugin Spectra versions = 2.19.25...

CVE-2026-42648 WordPress Spectra plugin <= 2.19.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.22...

CVE-2026-42648 WordPress Spectra plugin <= 2.19.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.22...

CVE-2023-23729

The CVE-2023-23729 issue affects Brainstorm Force Spectra (WordPress Gutenberg Blocks plugin) versions up to 2.3.0, caused by missing/incorrect authorization in access control settings. Multiple sources (Patchstack, NVD-driven entries, EUVD, Red Hat) describe this as a Broken Access Control vulne...

CVE-2023-23825 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0...

CVE-2023-23825 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0...

CVE-2023-23834 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.3.0...

WordPress Spectra plugin <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team Widget vulnerability discovered by zer0gh0st in WordPress Plugin Spectra versions = 2.16.2...

CVE-2024-37517 WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.13.7...

WordPress Spectra Plugin <= 2.14.1 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.14.1 Fixed in 2.15.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-7590 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a51e418171d1 Credits João Pedro S Alcântara Kinorth Required...

WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Spectra versions = 2.13.7...

WordPress Spectra Plugin <= 2.13.7 is vulnerable to Broken Access Control

Software Spectra Type Plugin Vulnerable versions = 2.13.7 Fixed in 2.13.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37517 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dc287e0a3ecb Credits Rafie Muhammad Patchstack Required...

WordPress Spectra Plugin <= 2.13.0 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.13.0 Fixed in 2.13.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4366 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6e05306d8c6c Credits Ngô Thiên An ancorn Required...

WordPress Spectra Plugin <= 2.12.8 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.12.8 Fixed in 2.12.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1814 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8365e8ec8dfb Credits wesley wcraft Required privile...

WordPress Spectra Plugin <= 2.12.6 is vulnerable to Path Traversal

Software Spectra Type Plugin Vulnerable versions = 2.12.6 Fixed in 2.12.7 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-3107 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 52350fa92b9f Credits Ngô Thiên An ancorn Required privilege Contributor...

WordPress Spectra plugin <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS vulnerability

AuthenticatedContributor+ Cross-Site Scripting via Custom CSS vulnerability discovered by Akbar Kustirama in WordPress Plugin Spectra versions = 2.10.3...

WordPress Spectra Plugin <= 2.10.3 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.10.3 Fixed in 2.10.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6486 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2ec9e8bd69ac Credits Akbar Kustirama Required...

WordPress Spectra Plugin <= 2.6.6 is vulnerable to Broken Access Control

Software Spectra Type Plugin Vulnerable versions = 2.6.6 Fixed in 2.6.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36676 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e0a4f405cbd6 Credits Rafie Muhammad Patchstack Required...

WordPress Spectra Plugin < 1.15.0 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions 1.15.0 Fixed in 1.15.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2020-36656 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID aa21c4e7af94 Credits István Márton Required...

WordPress Spectra Plugin <= 2.3.0 is vulnerable to Bypass Vulnerability

Software Spectra Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.3.1 OWASP Top 10 A6: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-23730 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e0584f9e90cf Credits Dave Jong Patchstack Required...