VYPR

Vendor CVEs

Brainstormforce

All CVEs

80 total · sorted by risk
  • CVE-2023-23882MedJan 17, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5.

  • CVE-2023-51402MedDec 29, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.

  • CVE-2023-36685MedNov 30, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12.

  • CVE-2020-36747MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.00

    The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to…

  • CVE-2020-36737MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.00

    The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated…

  • CVE-2025-14351MedJan 20, 2026
    risk 0.27cvss 5.3epss 0.00

    The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCF_Google_Fonts_Compatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible…

  • CVE-2024-1467MedMay 14, 2024
    risk 0.21cvss 4.3epss 0.01

    The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with…

  • CVE-2024-3107MedMay 2, 2024
    risk 0.21cvss 4.3epss 0.01

    The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the…

  • CVE-2020-36736MedJul 1, 2023
    risk 0.21cvss 4.3epss 0.00

    The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions.…

  • CVE-2023-23825LowDec 9, 2024
    risk 0.20cvss 3.1epss 0.01

    Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.

  • CVE-2024-10484Dec 3, 2024
    risk 0.00cvss epss 0.00

    The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-10325Nov 8, 2024
    risk 0.00cvss epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-37517Nov 1, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.13.7.

  • CVE-2024-10050Oct 24, 2024
    risk 0.00cvss epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view…

  • CVE-2024-43151Aug 12, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9.

  • CVE-2024-3827Aug 2, 2024
    risk 0.00cvss epss 0.00

    The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,…

  • CVE-2024-37278Jul 22, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Cards for Beaver Builder.This issue affects Cards for Beaver Builder: from n/a through 1.1.4.

  • CVE-2023-36676Jun 19, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.

  • CVE-2023-41805Jun 19, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.

  • CVE-2023-44148Jun 19, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.

  • CVE-2023-51376Jun 14, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.

  • CVE-2023-23738Jun 3, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through 2.3.0.

  • CVE-2023-23735Jun 3, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0.

  • CVE-2023-23730Jun 3, 2024
    risk 0.00cvss epss 0.00

    Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0.

  • CVE-2023-51401May 17, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13.

  • CVE-2023-51398May 17, 2024
    risk 0.00cvss epss 0.01

    Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14.

  • CVE-2023-46211Oct 27, 2023
    risk 0.00cvss epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.

  • CVE-2023-36686Aug 5, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.

  • CVE-2022-46851May 23, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions.

  • CVE-2021-24256May 5, 2021
    risk 0.00cvss epss 0.01

    The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Page 2 of 2