Filtered by vendor Brainstormforce Subscriptions

Search

Switch to Advanced Search (Beta)
Total 65 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-36737 1 Brainstormforce 1 Import \/ Export Customizer Settings 2024-11-21 4.3 Medium
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2020-13125 1 Brainstormforce 1 Ultimate Addons For Elementor 2024-11-21 6.5 Medium
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.
CVE-2018-20977 1 Brainstormforce 1 Schema 2024-11-21 N/A
The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.
CVE-2024-10325 1 Brainstormforce 1 Elementor Header \& Footer Builder 2024-11-13 6.4 Medium
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVE-2024-50439 1 Brainstormforce 1 Astra Widgets 2024-11-08 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.14.