Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Brainstorm Force — Vulnerabilities & Security Advisories 60

Browse all 60 CVE security advisories affecting Brainstorm Force. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Brainstorm Force:SpectraUltimate Addons for WPBakeryConvertPlusUltimate Addons for WPBakery Page BuilderAstra WidgetsStarter TemplatesUltimate Addons for ElementorCartFlowsSureDashOttoKitAstra Bulk EditUltimate Addons for Beaver BuilderSpectra ProUltimate Addons for Beaver Builder – LiteStarter Templates — Elementor, WordPress & Beaver Builder TemplatesAstraProjectHuddle Client SitePremium Starter TemplatesPre-Publish ChecklistConvert ProWP Remote Site SearchAstra ProSureMembersSpectra – WordPress Gutenberg BlocksSureRankSigmizeSchema – All In One Schema Rich Snippets
CVE IDTitleCVSSSeverityPublished
CVE-2026-39477 WordPress CartFlows plugin <= 2.2.3 - Broken Access Control vulnerability — CartFlowsCWE-862 8.1AIHighAI2026-04-08
CVE-2026-39479 WordPress OttoKit plugin <= 1.1.20 - SQL Injection vulnerability — OttoKitCWE-89 9.8AICriticalAI2026-04-08
CVE-2026-34889 WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vulnerability — Ultimate Addons for WPBakery Page BuilderCWE-79 6.5 Medium2026-04-01
CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability — Astra Bulk EditCWE-79 6.1 -2026-03-13
CVE-2026-25316 WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability — CartFlowsCWE-502 9.8AICriticalAI2026-02-19
CVE-2026-24982 WordPress Spectra plugin <= 2.19.17 - Broken Access Control vulnerability — SpectraCWE-862 8.1AIHighAI2026-02-03
CVE-2026-24962 WordPress Sigmize plugin <= 0.0.9 - Cross Site Request Forgery (CSRF) vulnerability — SigmizeCWE-352 8.8AIHighAI2026-02-03
CVE-2025-68497 WordPress Astra Widgets plugin <= 1.2.16 - Cross Site Scripting (XSS) vulnerability — Astra WidgetsCWE-79 5.9 Medium2025-12-24
CVE-2023-23729 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Contributor+ reCAPTCHA Settings Change Vulnerability — SpectraCWE-862 5.4 Medium2025-12-09
CVE-2025-62059 WordPress SureRank plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — SureRankCWE-79 6.1 -2025-11-06
CVE-2025-11814 Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ultimate Addons for WPBakeryCWE-79 6.4 Medium2025-10-16
CVE-2025-48164 WordPress SureDash <= 1.0.3 - Privilege Escalation Vulnerability — SureDashCWE-266 8.8 High2025-08-20
CVE-2025-54685 WordPress SureDash Plugin <= 1.1.0 - Sensitive Data Exposure Vulnerability — SureDashCWE-201 6.5 Medium2025-08-14
CVE-2025-27007 WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability — OttoKitCWE-266 9.8 Critical2025-05-01
CVE-2024-12434 SureMembers <= 1.10.6 - Sensitive Information Exposure — SureMembersCWE-200 5.3 Medium2025-02-26
CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update — ConvertPlusCWE-862 8.1 High2025-02-12
CVE-2025-24568 WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability — Starter TemplatesCWE-352 4.3 Medium2025-01-24
CVE-2024-56274 WordPress Astra Widgets plugin <= 1.2.15 - Cross Site Scripting (XSS) vulnerability — Astra WidgetsCWE-79 6.5 Medium2025-01-07
CVE-2023-23834 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability — SpectraCWE-862 4.3 Medium2024-12-09
CVE-2023-23825 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability — SpectraCWE-862 3.1 Low2024-12-09
CVE-2024-37517 WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability — SpectraCWE-862 4.3 Medium2024-11-01
CVE-2024-50439 WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability — Astra WidgetsCWE-79 6.5 Medium2024-10-28
CVE-2024-47345 WordPress Starter Templates plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability — Starter TemplatesCWE-79 5.9 Medium2024-10-06
CVE-2024-43151 WordPress Ultimate Addons for Beaver Builder – Lite plugin <= 1.5.9 - Cross Site Scripting (XSS) vulnerability — Ultimate Addons for Beaver Builder – LiteCWE-79 6.5 Medium2024-08-12
CVE-2024-7590 WordPress Spectra plugin<= 2.14.1 - Cross Site Scripting (XSS) vulnerability — SpectraCWE-79 6.5 Medium2024-08-12
CVE-2024-3827 Spectra Pro <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs — Spectra ProCWE-79 6.4 Medium2024-08-02
CVE-2024-5251 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ultimate Addons for WPBakeryCWE-79 6.4 Medium2024-07-17
CVE-2024-5253 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ultimate Addons for WPBakeryCWE-79 6.4 Medium2024-07-17
CVE-2024-5252 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ultimate Addons for WPBakeryCWE-79 6.4 Medium2024-07-17
CVE-2024-5255 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ultimate Addons for WPBakeryCWE-79 6.4 Medium2024-07-17

This page lists every published CVE security advisory associated with Brainstorm Force. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.