Brainstorm Force — Vulnerabilities & Security Advisories (62)

Browse all 62 CVE security advisories affecting Brainstorm Force. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Brainstorm Force is a software development firm specializing in WordPress plugins and themes, primarily catering to e-commerce and membership site functionalities. Their extensive portfolio has resulted in a significant security footprint, with sixty-two Common Vulnerabilities and Exposures (CVEs) currently documented. Historical analysis reveals that these vulnerabilities predominantly stem from insufficient input validation and sanitization, leading to frequent instances of Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Privilege escalation flaws are also common, often allowing unauthenticated users to perform administrative actions. While the company generally responds to disclosed issues, the high volume of past incidents indicates systemic challenges in their secure coding practices. These recurring defects highlight the risks associated with widely deployed, complex WordPress ecosystems where third-party extensions may lack rigorous security auditing, necessitating careful vetting by administrators relying on their tools.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42648 | WordPress Spectra plugin <= 2.19.22 - Broken Access Control vulnerability | Spectra | CWE-862 | 4.3 | Medium | 2026-04-29 |
| CVE-2026-42377 | WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability | SureForms Pro | CWE-862 | 7.3 | High | 2026-04-29 |
| CVE-2026-39477 | WordPress CartFlows plugin <= 2.2.3 - Broken Access Control vulnerability | CartFlows | CWE-862 | 4.3 | Medium | 2026-04-08 |
| CVE-2026-39479 | WordPress OttoKit plugin <= 1.1.20 - SQL Injection vulnerability | OttoKit | CWE-89 | 7.6 | High | 2026-04-08 |
| CVE-2026-34889 | WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vulnerability | Ultimate Addons for WPBakery Page Builder | CWE-79 | 6.5 | Medium | 2026-04-01 |
| CVE-2026-32431 | WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability | Astra Bulk Edit | CWE-79 | 6.5 | Medium | 2026-03-13 |
| CVE-2026-25316 | WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability | CartFlows | CWE-502 | 7.2 | High | 2026-02-19 |
| CVE-2026-24982 | WordPress Spectra plugin <= 2.19.17 - Broken Access Control vulnerability | Spectra | CWE-862 | 5.3 | Medium | 2026-02-03 |
| CVE-2026-24962 | WordPress Sigmize plugin <= 0.0.9 - Cross Site Request Forgery (CSRF) vulnerability | Sigmize | CWE-352 | 4.3 | Medium | 2026-02-03 |
| CVE-2025-68497 | WordPress Astra Widgets plugin <= 1.2.16 - Cross Site Scripting (XSS) vulnerability | Astra Widgets | CWE-79 | 5.9 | Medium | 2025-12-24 |
| CVE-2023-23729 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Contributor+ reCAPTCHA Settings Change Vulnerability | Spectra | CWE-862 | 5.4 | Medium | 2025-12-09 |
| CVE-2025-62059 | WordPress SureRank plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | SureRank | CWE-79 | 7.1 | High | 2025-11-06 |
| CVE-2025-11814 | Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | Ultimate Addons for WPBakery | CWE-79 | 6.4 | Medium | 2025-10-16 |
| CVE-2025-48164 | WordPress SureDash <= 1.0.3 - Privilege Escalation Vulnerability | SureDash | CWE-266 | 8.8 | High | 2025-08-20 |
| CVE-2025-54685 | WordPress SureDash Plugin <= 1.1.0 - Sensitive Data Exposure Vulnerability | SureDash | CWE-201 | 6.5 | Medium | 2025-08-14 |
| CVE-2025-27007 | WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability | OttoKit | CWE-266 | 9.8 | Critical | 2025-05-01 |
| CVE-2024-12434 | SureMembers <= 1.10.6 - Sensitive Information Exposure | SureMembers | CWE-200 | 5.3 | Medium | 2025-02-26 |
| CVE-2024-13800 | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | ConvertPlus | CWE-862 | 8.1 | High | 2025-02-12 |
| CVE-2025-24568 | WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability | Starter Templates | CWE-352 | 4.3 | Medium | 2025-01-24 |
| CVE-2024-56274 | WordPress Astra Widgets plugin <= 1.2.15 - Cross Site Scripting (XSS) vulnerability | Astra Widgets | CWE-79 | 6.5 | Medium | 2025-01-07 |
| CVE-2023-23834 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability | Spectra | CWE-862 | 4.3 | Medium | 2024-12-09 |
| CVE-2023-23825 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability | Spectra | CWE-862 | 3.1 | Low | 2024-12-09 |
| CVE-2024-37517 | WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability | Spectra | CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-50439 | WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability | Astra Widgets | CWE-79 | 6.5 | Medium | 2024-10-28 |
| CVE-2024-47345 | WordPress Starter Templates plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability | Starter Templates | CWE-79 | 5.9 | Medium | 2024-10-06 |
| CVE-2024-43151 | WordPress Ultimate Addons for Beaver Builder – Lite plugin <= 1.5.9 - Cross Site Scripting (XSS) vulnerability | Ultimate Addons for Beaver Builder – Lite | CWE-79 | 6.5 | Medium | 2024-08-12 |
| CVE-2024-7590 | WordPress Spectra plugin <= 2.14.1 - Cross Site Scripting (XSS) vulnerability | Spectra | CWE-79 | 6.5 | Medium | 2024-08-12 |
| CVE-2024-3827 | Spectra Pro <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs | Spectra Pro | CWE-79 | 6.4 | Medium | 2024-08-02 |
| CVE-2024-5251 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Ultimate Addons for WPBakery | CWE-79 | 6.4 | Medium | 2024-07-17 |
| CVE-2024-5253 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Ultimate Addons for WPBakery | CWE-79 | 6.4 | Medium | 2024-07-17 |

This page lists every published CVE security advisory associated with Brainstorm Force. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.