brainstormforce
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting brainstormforce.
- CVE-2026-7465Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes8.8
- CVE-2026-4987SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'7.5
- CVE-2026-3534Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta6.4
- CVE-2026-28038WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability6.5
- CVE-2026-0950Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data5.3
- CVE-2025-14351Custom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion5.3
- CVE-2025-14855SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting7.2
- CVE-2025-13065Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass8.8
- CVE-2025-13516SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload8.1
- CVE-2025-12535SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution5.3
- CVE-2025-12536SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure5.3
- CVE-2025-11162Spectra <= 2.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom CSS6.4
- CVE-2025-48088WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2025-10732SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure4.3
- CVE-2025-10489SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation4.3