MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2023-41805

CVSS 6.5v3.1pub. 2024-06-19upd. 2024-11-21

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • Brainstormforce Starter Templates

    APP
    Brainstormforce
    < 3.2.6
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-41804HIGH7.1ten sam produkt

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress ...

CVE-2021-42360HIGH7.6ten sam produkt

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_p...

CVE-2022-46851MEDIUM4.3ten sam produkt

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 version...

CVE-2023-49830CRITICAL9.9PL ✓ten sam vendor

RCE w Astra Pro – code injection dostępny dla zalogowanych użytkowników

CVE-2021-24507CRITICAL9.8ten sam vendor

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST paramet...