Brainstorm Force Security Vulnerabilities
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...
6.3CVSS
6.7AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated...
8.8CVSS
6.7AI Score
0.0004EPSS
The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with...
8.8CVSS
7AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through...
7.1CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with...
8.8CVSS
7AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS.This issue affects Astra: from n/a through...
5.9CVSS
9.1AI Score
0.0004EPSS
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to....
5.4CVSS
6.5AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...
8.8CVSS
6.9AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through...
8.8CVSS
6.9AI Score
0.0004EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4;...
7.1CVSS
6.9AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through...
9.9CVSS
8.8AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through...
7.1CVSS
5.4AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14...
6.5CVSS
5.3AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5...
8.8CVSS
8.8AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20...
8.8CVSS
8.8AI Score
0.001EPSS