Brainstorm Force — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting Brainstorm Force. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Brainstorm Force is a software development firm specializing in WordPress plugins and themes, primarily catering to e-commerce and membership site functionalities. Their extensive portfolio has resulted in a significant security footprint, with sixty-two Common Vulnerabilities and Exposures (CVEs) currently documented. Historical analysis reveals that these vulnerabilities predominantly stem from insufficient input validation and sanitization, leading to frequent instances of Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Privilege escalation flaws are also common, often allowing unauthenticated users to perform administrative actions. While the company generally responds to disclosed issues, the high volume of past incidents indicates systemic challenges in their secure coding practices. These recurring defects highlight the risks associated with widely deployed, complex WordPress ecosystems where third-party extensions may lack rigorous security auditing, necessitating careful vetting by administrators relying on their tools.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-5255 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Ultimate Addons for WPBakery | CWE-79 | 6.4 | Medium | 2024-07-17 |
| CVE-2024-5252 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Ultimate Addons for WPBakery | CWE-79 | 6.4 | Medium | 2024-07-17 |
| CVE-2024-5254 | Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Ultimate Addons for WPBakery | CWE-79 | 6.4 | Medium | 2024-07-17 |
| CVE-2024-37455 | WordPress Ultimate Addons for elementor plugin <= 1.36.31 - Privilege Escalation vulnerability | Ultimate Addons for Elementor | CWE-269 | 8.8 | High | 2024-07-09 |
| CVE-2023-36676 | WordPress Spectra plugin <= 2.6.6 - Broken Access Control vulnerability | Spectra | CWE-862 | 5.4 | Medium | 2024-06-19 |
| CVE-2023-36684 | WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability | Convert Pro | CWE-862 | 7.1 | High | 2024-06-19 |
| CVE-2023-41805 | Broken Access Control vulnerability in multiple Brainstorm Force plugins | Premium Starter Templates | CWE-862 | 6.5 | Medium | 2024-06-19 |
| CVE-2023-44148 | WordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerability | Astra Bulk Edit | CWE-862 | 5.4 | Medium | 2024-06-19 |
| CVE-2023-44151 | WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability | Pre-Publish Checklist | CWE-862 | 5.4 | Medium | 2024-06-19 |
| CVE-2023-51376 | WordPress ProjectHuddle Client Site plugin <= 1.0.34 - Broken Access Control vulnerability | ProjectHuddle Client Site | CWE-862 | 4.3 | Medium | 2024-06-14 |
| CVE-2023-23738 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability | Spectra | CWE-74 | 5.3 | Medium | 2024-06-03 |
| CVE-2023-23735 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability | Spectra | CWE-80 | 5.3 | Medium | 2024-06-03 |
| CVE-2023-23730 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Captcha Bypass Vulnerability | Spectra | CWE-307 | 5.3 | Medium | 2024-06-03 |
| CVE-2023-51401 | WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.13 - Limited Arbitrary File Download vulnerability | Ultimate Addons for Beaver Builder | CWE-22 | 6.3 | Medium | 2024-05-17 |
| CVE-2023-51398 | WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability | Ultimate Addons for Beaver Builder | CWE-269 | 8.8 | High | 2024-05-17 |
| CVE-2023-50890 | WordPress Ultimate Addons for Elementor plugin <= 1.36.20 - Privilege Escalation vulnerability | Ultimate Addons for Elementor | CWE-269 | 8.8 | High | 2024-05-17 |
| CVE-2023-46205 | WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 - Local File Inclusion vulnerability | Ultimate Addons for WPBakery Page Builder | CWE-22 | 7.1 | High | 2024-05-17 |
| CVE-2024-4838 | ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection | ConvertPlus | CWE-502 | 7.5 | High | 2024-05-16 |
| CVE-2024-3828 | Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation | Spectra Pro | CWE-269 | 8.8 | High | 2024-05-10 |
| CVE-2024-3240 | ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection | ConvertPlus | CWE-502 | 8.8 | High | 2024-05-04 |
| CVE-2024-3237 | ConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | ConvertPlus | CWE-862 | 5.4 | Medium | 2024-05-04 |
| CVE-2023-34370 | Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins | Starter Templates — Elementor, WordPress & Beaver Builder Templates | CWE-918 | 7.1 | High | 2024-03-28 |
| CVE-2023-36679 | WordPress Spectra plugin <= 2.6.6 - Server Side Request Forgery (SSRF) vulnerability | Spectra | CWE-918 | 7.1 | High | 2024-03-28 |
| CVE-2024-29768 | WordPress Astra theme <= 4.6.4 - Cross Site Scripting (XSS) vulnerability | Astra | CWE-79 | 5.9 | Medium | 2024-03-27 |
| CVE-2023-23882 | WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control | Ultimate Addons for Beaver Builder – Lite | CWE-862 | 4.3 | Medium | 2024-01-17 |
| CVE-2023-51397 | WordPress WP Remote Site Search Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) | WP Remote Site Search | CWE-79 | 6.5 | Medium | 2023-12-29 |
| CVE-2023-49830 | WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE) | Astra Pro | CWE-94 | 9.9 | Critical | 2023-12-29 |
| CVE-2023-49833 | WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS) | Spectra – WordPress Gutenberg Blocks | CWE-79 | 6.5 | Medium | 2023-12-14 |
| CVE-2023-41804 | WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF) | Starter Templates — Elementor, WordPress & Beaver Builder Templates | CWE-918 | 7.1 | High | 2023-12-07 |
| CVE-2023-46211 | WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Cross Site Scripting (XSS) | Ultimate Addons for WPBakery Page Builder | CWE-79 | 6.5 | Medium | 2023-10-27 |

This page lists every published CVE security advisory associated with Brainstorm Force. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.