
brainstormforce — Vulnerabilities & Security Advisories (49)

Browse all 49 CVE security advisories affecting brainstormforce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BrainStormForce operates as a provider of enterprise collaboration and knowledge management solutions, primarily serving organizations seeking centralized information sharing platforms. Security audits have identified forty-nine Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, indicating a significant historical attack surface. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), which allows attackers to inject malicious scripts into web pages viewed by other users, and Remote Code Execution (RCE) flaws that enable unauthorized control over server systems. Additionally, instances of broken access control and privilege escalation have been documented, suggesting weaknesses in user permission management. While no single catastrophic data breach has been widely publicized as a direct result of these specific CVEs, the cumulative nature of these flaws highlights the necessity for rigorous patch management and continuous security monitoring to mitigate risks within deployed environments.

CVE ID | Title | Affected product | CWE | CVSS | Severity | Published
CVE-2026-4987 | SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id' | SureForms – Contact Form, Payment Form & Other Custom Form Builder | CWE-20 | 7.5 | High | 2026-03-28
CVE-2026-3534 | Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta | Astra | CWE-79 | 6.4 | Medium | 2026-03-11
CVE-2026-0950 | Spectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-200 | 5.3 | Medium | 2026-02-03
CVE-2025-14351 | Custom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion | Custom Fonts – Host Your Fonts Locally | CWE-862 | 5.3 | Medium | 2026-01-20
CVE-2025-14855 | SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting | SureForms – Contact Form, Payment Form & Other Custom Form Builder | CWE-79 | 7.2 | High | 2025-12-21
CVE-2025-13065 | Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass | Starter Templates – AI-Powered Templates for Elementor & Gutenberg | CWE-434 | 8.8 | High | 2025-12-06
CVE-2025-13516 | SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload | SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers | CWE-434 | 8.1 | High | 2025-12-02
CVE-2025-12535 | SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution | SureForms – Contact Form, Payment Form & Other Custom Form Builder | CWE-352 | 5.3 | Medium | 2025-11-19
CVE-2025-12536 | SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure | SureForms – Contact Form, Payment Form & Other Custom Form Builder | CWE-359 | 5.3 | Medium | 2025-11-13
CVE-2025-11162 | Spectra <= 2.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom CSS | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2025-11-05
CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure | SureForms – Contact Form, Payment Form & Other Custom Form Builder | CWE-862 | 4.3 | Medium | 2025-10-14
CVE-2025-10489 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation | SureForms – Contact Form, Payment Form & Other Custom Form Builder | CWE-862 | 4.3 | Medium | 2025-09-20
CVE-2025-8488 | Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | Ultimate Addons for Elementor | CWE-862 | 4.3 | Medium | 2025-08-02
CVE-2025-6691 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion | SureForms – Drag and Drop Form Builder for WordPress | CWE-73 | 8.1 | High | 2025-07-09
CVE-2025-6742 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion | SureForms – Drag and Drop Form Builder for WordPress | CWE-502 | 7.5 | High | 2025-07-09
CVE-2025-3102 | SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation | OttoKit: All-in-One Automation Platform | CWE-697 | 8.1 | High | 2025-04-10
CVE-2025-1784 | Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2025-03-26
CVE-2024-12713 | SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure | SureForms – Contact Form, Payment Form & Other Custom Form Builder | CWE-862 | 5.3 | Medium | 2025-01-08
CVE-2024-11230 | Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget | Ultimate Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-12-23
CVE-2024-10484 | Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2024-12-03
CVE-2024-10325 | Elementor Header & Footer Builder <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Ultimate Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-11-08
CVE-2024-10050 | Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode | Ultimate Addons for Elementor | CWE-200 | 4.3 | Medium | 2024-10-24
CVE-2024-4632 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | CWE-79 | 6.4 | Medium | 2024-06-19
CVE-2024-5757 | Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget | Ultimate Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-06-13
CVE-2024-5485 | SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! <= 1.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trigger Link Shortcode | OttoKit: All-in-One Automation Platform | CWE-79 | 6.4 | Medium | 2024-06-04
CVE-2024-4366 | Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2024-05-24
CVE-2024-1332 | Custom Fonts – Host Your Fonts Locally <= 2.1.4 - Authenticated (Author+) Stored Cross-Site Scripting | Custom Fonts – Host Your Fonts Locally | CWE-434 | 6.4 | Medium | 2024-05-24
CVE-2024-2618 | Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting | Ultimate Addons for Elementor | CWE-87 | 6.4 | Medium | 2024-05-24
CVE-2024-1814 | Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2024-05-23
CVE-2024-1815 | Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block | Spectra Gutenberg Blocks – Website Builder for the Block Editor | CWE-79 | 6.4 | Medium | 2024-05-23

This page lists every published CVE security advisory associated with brainstormforce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.