Lucene search
K
BrainstormforceSpectra

18 matches found

CVE
CVE
added 2024/05/23 11:2 a.m.120 views

CVE-2024-1815

The CVE concerns Spectra – WordPress Gutenberg Blocks (Spectra plugin) with Stored Cross-Site Scripting via the Image Gallery block. The issue affects all versions up to and including 2.12.8 and arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling ...

6.4CVSS5.9AI score0.00265EPSS
CVE
CVE
added 2024/05/23 11:2 a.m.111 views

CVE-2024-1814

CVE-2024-1814 affects Spectra – WordPress Gutenberg Blocks plugin for WordPress. It is a Stored XSS in the Testimonial block across all versions up to 2.12.8, caused by insufficient input sanitization and output escaping of user-provided attributes. Authenticated attackers with contributor-level ...

6.4CVSS5.9AI score0.00257EPSS
CVE
CVE
added 2024/03/28 5:58 a.m.86 views

CVE-2023-36679

CVE-2023-36679 affects Spectra (WordPress plugin) up to version 2.6.6. Reported as Server-Side Request Forgery (SSRF) with authenticated access (Contributor+). Root cause cited in Patchstack entry as SSRF via template_importer/import_wpforms functionality; fixed in version 2.6.7. Severity listed ...

7.1CVSS8AI score0.00331EPSS
CVE
CVE
added 2024/04/09 6:59 p.m.71 views

CVE-2023-6486

CVE-2023-6486 (Spectra – WordPress Gutenberg Blocks) Stored Cross‑Site Scripting via the Custom CSS metabox in Spectra. Affected: all versions up to 2.10.3. Root cause: insufficient input sanitization and output escaping in the metabox. Impact: authenticated attackers with contributor level or hi...

6.4CVSS7.7AI score0.00572EPSS
CVE
CVE
added 2024/12/09 11:31 a.m.67 views

CVE-2023-23825

CVE-2023-23825 affects the Brainstorm Force Spectra WordPress plugin, specifically Spectra versions through 2.3.0. The issue is described as a Missing Authorization vulnerability stemming from incorrectly configured access control, leading to Broken Access Control. Public sources in the connected...

8.8CVSS5.1AI score0.00539EPSS
CVE
CVE
added 2024/12/03 5:33 a.m.67 views

CVE-2024-10484

CVE-2024-10484: Spectra – WordPress Gutenberg Blocks plugin (≤2.16.2) is vulnerable to Stored XSS via the Team widget due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication (contributor level or higher) and can cause arbitrary ...

6.4CVSS5.7AI score0.00288EPSS
CVE
CVE
added 2024/05/24 7:30 a.m.67 views

CVE-2024-4366

The CVE CVE-2024-4366 affects Spectra – WordPress Gutenberg Blocks (Spectra plugin) for WordPress. It enables Stored Cross-Site Scripting via the block_id parameter in versions up to and including 2.13.0 due to insufficient input sanitization and output escaping. The vulnerability can be exploite...

6.4CVSS5.9AI score0.00263EPSS
CVE
CVE
added 2024/12/09 11:31 a.m.63 views

CVE-2023-23834

CVE-2023-23834 affects Brainstorm Force Spectra (WordPress Gutenberg Blocks plugin) up to version 2.3.0. The issue is due to Missing Authorization / Broken Access Control arising from incorrectly configured access control security levels, allowing unauthenticated access to privileged actions. The...

9.8CVSS5.1AI score0.00642EPSS
CVE
CVE
added 2024/05/02 4:51 p.m.63 views

CVE-2024-3107

CVE-2024-3107 (Spectra – WordPress Gutenberg Blocks) : The Spectra plugin for WordPress is vulnerable to a Path Traversal flaw in get_block_default_attributes, affecting versions up to 2.12.6. Authenticated users with contributor-level permissions and above can read arbitrary files named attribut...

4.3CVSS6.3AI score0.00618EPSS
CVE
CVE
added 2024/08/12 9:47 p.m.59 views

CVE-2024-7590

CVE-2024-7590 is a stored Cross-Site Scripting (XSS) vulnerability in the Spectra WordPress Gutenberg Blocks plugin (Brainstorm Force Spectra). The issue arises from improper input neutralization during web page generation, enabling stored XSS. Affected range: Spectra versions from unspecified in...

6.5CVSS5.9AI score0.00308EPSS
CVE
CVE
added 2024/11/01 2:18 p.m.56 views

CVE-2024-37517

CVE-2024-37517 is a Missing Authorization vulnerability in Spectra (WordPress Gutenberg Blocks by Ultimate Addons for Gutenberg) affecting Spectra up to version 2.13.7. The issue enables unauthorized actions due to misconfigured access controls (Missing Authorization to generate_ai_content). Publ...

8.8CVSS4.6AI score0.00421EPSS
CVE
CVE
added 2024/06/03 9:24 p.m.55 views

CVE-2023-23730

The CVE-2023-23730 issue affects the WordPress Spectra block (Ultimate Addons for Gutenberg) with Spectra versions

5.3CVSS5.4AI score0.00372EPSS
CVE
CVE
added 2023/02/21 8:50 a.m.54 views

CVE-2020-36656

The CVE-2020-36656 entry concerns the Spectra WordPress Gutenberg Blocks Plugin for WordPress, with versions prior to 1.15.0 vulnerable to stored XSS due to insufficient sanitization of user input in a style HTML attribute. The underlying issue allows contributors (required privileges) to inject ...

5.4CVSS5.2AI score0.00507EPSS
CVE
CVE
added 2023/12/14 2:26 p.m.54 views

CVE-2023-49833

CVE-2023-49833 (Spectra – WordPress Gutenberg Blocks) is a stored XSS in Spectra up to v2.7.9 caused by improper neutralization of input during web page generation. Affected product: Spectra (Ultimate Addons for Gutenberg) for WordPress; vulnerability requires authenticated access (Contributor+)....

6.5CVSS6.7AI score0.0056EPSS
CVE
CVE
added 2024/06/03 9:26 p.m.53 views

CVE-2023-23735

CVE-2023-23735 affects the WordPress Spectra (WordPress Gutenberg Blocks) plugin. Vulnerable if using Spectra ≤ 2.3.0, where improper neutralization of script-related HTML tags enables unauthenticated email HTML injection (content injection). Root cause: inadequate input/output sanitization in th...

6.1CVSS5.4AI score0.00283EPSS
CVE
CVE
added 2024/06/03 9:33 p.m.52 views

CVE-2023-23738

CVE-2023-23738 affects the WordPress Spectra integration in the Ultimate Addons for Gutenberg plugin (Spectra blocks) up to version 2.3.0. The issue is an Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) that enables unauthenticated email spoofing/C...

5.3CVSS5.3AI score0.0033EPSS
CVE
CVE
added 2024/06/19 1:52 p.m.52 views

CVE-2023-36676

CVE-2023-36676 affects the WordPress Spectra plugin (Brainstorm Force Spectra) up to version 2.6.6. The issue is a Missing/Broken Authorization vulnerability (Broken Access Control) in Spectra prior to the fix. Patchstack lists the vulnerable range as

8.8CVSS6.3AI score0.00459EPSS
CVE
CVE
added 2023/06/07 1:51 a.m.45 views

CVE-2020-36702

The CVE-2020-36702 entry concerns the WordPress plugin “Ultimate Addons for Gutenberg.” Vulnerability: authenticated users with subscriber+ roles can change plugin settings due to missing capability checks on several AJAX actions. Affected versions: up to and including 1.14.7. Impact: unauthorize...

5.5CVSS4.3AI score0.0042EPSS