Filtered by vendor Brainstormforce
Total: 72 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20977 | 1 Brainstormforce | 1 Schema | 2025-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. | |||||
CVE-2023-25058 | 1 Brainstormforce | 1 Schema | 2025-06-27 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | |||||
CVE-2023-36682 | 1 Brainstormforce | 1 Schema | 2025-06-27 | N/A | 7.1 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery. This issue affects Schema Pro: from n/a through 2.7.7. | |||||
CVE-2024-1564 | 1 Brainstormforce | 1 Schema | 2025-06-27 | N/A | 4.3 MEDIUM |
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access, allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode. | |||||
CVE-2025-3513 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | N/A | 3.5 LOW |
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2025-3514 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | N/A | 3.5 LOW |
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-43151 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-27 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9. | |||||
CVE-2023-51398 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | N/A | 8.8 HIGH |
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14. | |||||
CVE-2023-51401 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | N/A | 6.3 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13. | |||||
CVE-2025-3471 | 1 Brainstormforce | 1 Sureforms | 2025-05-09 | N/A | 4.9 MEDIUM |
The SureForms WordPress plugin before 1.4.4 does not have a proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action. | |||||
CVE-2020-36656 | 1 Brainstormforce | 1 Spectra | 2025-04-23 | N/A | 5.4 MEDIUM |
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. | |||||
CVE-2023-23738 | 1 Brainstormforce | 1 Spectra | 2025-04-10 | N/A | 5.3 MEDIUM |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing. This issue affects Spectra: from n/a through 2.3.0. | |||||
CVE-2023-23730 | 1 Brainstormforce | 1 Spectra | 2025-04-10 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through 2.3.0. | |||||
CVE-2024-1332 | 1 Brainstormforce | 1 Custom Fonts | 2025-04-04 | N/A | 6.4 MEDIUM |
The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-37517 | 1 Brainstormforce | 1 Spectra | 2025-03-06 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.13.7. | |||||
CVE-2023-36679 | 1 Brainstormforce | 1 Spectra | 2025-03-05 | N/A | 7.1 HIGH |
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra. This issue affects Spectra: from n/a through 2.6.6. | |||||
CVE-2023-23825 | 1 Brainstormforce | 1 Spectra | 2025-03-01 | N/A | 3.1 LOW |
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0. | |||||
CVE-2023-23834 | 1 Brainstormforce | 1 Spectra | 2025-03-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0. | |||||
CVE-2024-7590 | 1 Brainstormforce | 1 Spectra | 2025-03-01 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Spectra allows Stored XSS. This issue affects Spectra: from n/a through 2.14.1. | |||||
CVE-2023-23735 | 1 Brainstormforce | 1 Spectra | 2025-03-01 | N/A | 5.3 MEDIUM |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through 2.3.0. |