Lucene search

K

Brainstormforce Security Vulnerabilities

cve
cve

CVE-2024-1814

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-23 11:15 AM
62
cve
cve

CVE-2024-4634

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-16 11:15 AM
27
cve
cve

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 05:15 AM
28
cve
cve

CVE-2024-4630

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-14 03:44 PM
12
cve
cve

CVE-2024-2141

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

7.6AI Score

0.0004EPSS

2024-03-30 07:15 AM
28
cve
cve

CVE-2024-2305

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-09 07:15 PM
25
cve
cve

CVE-2024-3107

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files....

4.3CVSS

6.3AI Score

0.001EPSS

2024-05-02 05:15 PM
22
cve
cve

CVE-2024-5485

The SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all versions up to, and including, 1.0.47 due to insufficient input sanitization and output escaping on user.....

6.4CVSS

6AI Score

0.001EPSS

2024-06-04 07:15 AM
cve
cve

CVE-2024-1467

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...

4.3CVSS

6.4AI Score

0.001EPSS

2024-05-14 02:47 PM
6
cve
cve

CVE-2024-4366

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-24 08:15 AM
28
cve
cve

CVE-2024-2347

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,.....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-09 07:15 PM
42
cve
cve

CVE-2024-2144

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-03-30 07:15 AM
34
cve
cve

CVE-2024-2143

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

7.6AI Score

0.0004EPSS

2024-03-30 07:15 AM
29
cve
cve

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 06:15 AM
15
cve
cve

CVE-2024-5663

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-08 03:15 AM
4
cve
cve

CVE-2024-1815

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-23 11:15 AM
63
cve
cve

CVE-2024-2619

The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...

5CVSS

6.6AI Score

0.0004EPSS

2024-05-16 09:16 PM
30
cve
cve

CVE-2024-2140

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,.....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-03-30 07:15 AM
28
cve
cve

CVE-2024-2142

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-03-30 07:15 AM
32
cve
cve

CVE-2023-6486

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

7.7AI Score

0.0004EPSS

2024-04-09 07:15 PM
23
cve
cve

CVE-2024-1332

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author...

6.4CVSS

7.7AI Score

0.0004EPSS

2024-05-24 07:15 AM
27
cve
cve

CVE-2024-1237

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with.....

6.4CVSS

6.1AI Score

0.0004EPSS

2024-03-13 04:15 PM
6
cve
cve

CVE-2023-23882

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-01-17 05:15 PM
7
cve
cve

CVE-2023-49830

Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through...

9.9CVSS

8.8AI Score

0.0005EPSS

2023-12-29 10:15 AM
49
cve
cve

CVE-2023-51397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through...

6.5CVSS

5.8AI Score

0.0004EPSS

2023-12-29 11:15 AM
16
cve
cve

CVE-2023-51402

Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through...

8.8CVSS

8.7AI Score

0.001EPSS

2023-12-29 12:15 PM
18
cve
cve

CVE-2023-49833

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through...

6.5CVSS

5.8AI Score

0.0004EPSS

2023-12-14 03:15 PM
19
cve
cve

CVE-2023-41804

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through...

7.1CVSS

5.4AI Score

0.0004EPSS

2023-12-07 11:15 AM
22
cve
cve

CVE-2023-36685

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through...

8.8CVSS

8.6AI Score

0.001EPSS

2023-11-30 02:15 PM
20
cve
cve

CVE-2023-36682

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through...

8.8CVSS

8.6AI Score

0.001EPSS

2023-11-30 02:15 PM
10
cve
cve

CVE-2020-36702

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the.....

5.5CVSS

4.3AI Score

0.001EPSS

2023-06-07 02:15 AM
11
cve
cve

CVE-2020-36737

The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to...

4.3CVSS

4.2AI Score

0.001EPSS

2023-07-01 04:15 AM
6
cve
cve

CVE-2020-36747

The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metbox data...

4.3CVSS

4.2AI Score

0.001EPSS

2023-07-01 06:15 AM
5
cve
cve

CVE-2020-36656

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg...

5.4CVSS

5.1AI Score

0.001EPSS

2023-02-21 09:15 AM
20
cve
cve

CVE-2023-46211

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14...

6.5CVSS

5.3AI Score

0.0004EPSS

2023-10-27 09:15 PM
35
cve
cve

CVE-2023-25058

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5...

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-26 03:15 PM
23
cve
cve

CVE-2022-46851

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20...

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-23 02:15 PM
13
cve
cve

CVE-2021-42360

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block...

7.6CVSS

5.3AI Score

0.001EPSS

2021-11-17 06:15 PM
18
cve
cve

CVE-2021-24507

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading....

9.8CVSS

9.7AI Score

0.002EPSS

2021-08-09 10:15 AM
26
2
cve
cve

CVE-2021-24271

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar...

5.4CVSS

5.2AI Score

0.001EPSS

2021-05-05 07:15 PM
63
2
cve
cve

CVE-2021-24256

The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar...

5.4CVSS

5.2AI Score

0.001EPSS

2021-05-05 07:15 PM
31
cve
cve

CVE-2020-13125

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is...

6.5CVSS

7.7AI Score

0.002EPSS

2020-05-17 01:15 AM
83
2
cve
cve

CVE-2018-20977

The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings...

6.1CVSS

6AI Score

0.001EPSS

2019-08-21 07:15 PM
28