Show filters
24 Total Results
Displaying 1-10 of 24
Sort by:
Attacker Value
Unknown

CVE-2024-13800

Disclosure Date: February 12, 2025 (last updated February 12, 2025)
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2025-24568

Disclosure Date: January 24, 2025 (last updated January 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9.
0
0
Attacker Value
Unknown

CVE-2024-56274

Disclosure Date: January 07, 2025 (last updated January 07, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.15.
0
0
Attacker Value
Unknown

CVE-2023-23834

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
0
0
Attacker Value
Unknown

CVE-2023-23825

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
0
0
Attacker Value
Unknown

CVE-2024-37517

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.13.7.
0
0
Attacker Value
Unknown

CVE-2024-47345

Disclosure Date: October 06, 2024 (last updated October 06, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Starter Templates allows Stored XSS.This issue affects Starter Templates: from n/a through 4.4.0.
0
0
Attacker Value
Unknown

CVE-2024-7590

Disclosure Date: August 12, 2024 (last updated August 13, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Spectra allows Stored XSS.This issue affects Spectra: from n/a through 2.14.1.
0
0
Attacker Value
Unknown

CVE-2024-43151

Disclosure Date: August 12, 2024 (last updated August 13, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9.
0
0
Attacker Value
Unknown

CVE-2024-3827

Disclosure Date: August 02, 2024 (last updated August 02, 2024)
The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  Next >