brainstormforce — Vulnerabilities & Security Advisories (49)

Browse all 49 CVE security advisories affecting brainstormforce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BrainStormForce operates as a provider of enterprise collaboration and knowledge management solutions, primarily serving organizations seeking centralized information sharing platforms. Security audits have identified forty-nine Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, indicating a significant historical attack surface. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), which allows attackers to inject malicious scripts into web pages viewed by other users, and Remote Code Execution (RCE) flaws that enable unauthorized control over server systems. Additionally, instances of broken access control and privilege escalation have been documented, suggesting weaknesses in user permission management. While no single catastrophic data breach has been widely publicized as a direct result of these specific CVEs, the cumulative nature of these flaws highlights the necessity for rigorous patch management and continuous security monitoring to mitigate risks within deployed environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-2619 | Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Author+) HTML Injection | Ultimate Addons for Elementor | CWE-862 | 5.0 | Medium | 2024-05-16 |
| CVE-2024-4634 | Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting | Ultimate Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-05-16 |
| CVE-2024-4630 | Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | Starter Templates – AI-Powered Templates for Elementor & Gutenberg | CWE-79 | 6.4 | Medium | 2024-05-11 |
| CVE-2024-1467 | Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery | Starter Templates – AI-Powered Templates for Elementor & Gutenberg | CWE-918 | 4.3 | Medium | 2024-05-09 |
| CVE-2024-3107 | Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-22 | 4.3 | Medium | 2024-05-02 |
| CVE-2024-2347 | Astra <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name | Astra | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2023-6486 | Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2142 | Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget | Ultimate Addons for Beaver Builder – Lite | CWE-79 | 6.4 | Medium | 2024-03-30 |
| CVE-2024-2140 | Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget | Ultimate Addons for Beaver Builder – Lite | CWE-79 | 6.4 | Medium | 2024-03-30 |
| CVE-2024-2144 | Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget | Ultimate Addons for Beaver Builder – Lite | CWE-79 | 6.4 | Medium | 2024-03-30 |
| CVE-2024-2141 | Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget | Ultimate Addons for Beaver Builder – Lite | CWE-79 | 6.4 | Medium | 2024-03-30 |
| CVE-2024-2143 | Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget | Ultimate Addons for Beaver Builder – Lite | CWE-79 | 6.4 | Medium | 2024-03-30 |
| CVE-2024-1237 | Elementor Header & Footer Builder <= 1.6.24 - Authenticated (Contributor+) Stored Cross-Site Scripting | Ultimate Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2020-36747 | Lightweight Sidebar Manager <= 1.1.4 - Cross-Site Request Forgery Bypass | Lightweight Sidebar Manager | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36736 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36737 | Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass | Import / Export Customizer Settings | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2019-25151 | Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | CWE-269 | 5.4 | Medium | 2023-06-07 |
| CVE-2020-36702 | Spectra – WordPress Gutenberg Blocks <= 1.14.7 - Missing Authorization | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-862 | 5.5 | Medium | 2023-06-07 |
| CVE-2021-42360 | Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 Authenticated Block Import to Stored XSS | Starter Templates — Elementor, Gutenberg & Beaver Builder Templates | CWE-284 | 7.6 | High | 2021-11-17 |

This page lists every published CVE security advisory associated with brainstormforce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.