cvebase

Brainstormforce Astra vulnerabilities

5 known vulnerabilities affecting brainstormforce/astra.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2021-24507 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.5.2 | 2021-08-09
CWE-89: The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions (available to both unauthenticated and authenticated users) before using them in a SQL statement, leading to SQL injection issues.
Source: NVD

CVE-2023-49830 | P3 | HIGH | CVSS 8.8 | ≤ 4.3.1 | 2023-12-29
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1.
Source: NVD

CVE-2023-44148 | P3 | HIGH | CVSS 8.8 | fixed in 1.2.8 | 2024-06-19
CWE-862: Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit. This issue affects Astra Bulk Edit: from n/a through 1.2.7.
Source: NVD

CVE-2026-3534 | P4 | MEDIUM | CVSS 6.4 | ≤ 4.12.3 | 2026-03-11
CWE-79: The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-content-background-meta` post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escaping in the `astra_get_responsive_background_obj()` func
Source: NVD

CVE-2024-2347 | P4 | MEDIUM | CVSS 6.4 | ≤ 4.6.8 | 2024-04-09
CWE-79: The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execu
Source: NVD