Vulnerabilities (CVE)

Filtered by vendor Brainstormforce Subscribe
Filtered by product Astra
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-49830 1 Brainstormforce 1 Astra 2024-01-05 N/A 8.8 HIGH
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.
CVE-2021-24507 1 Brainstormforce 1 Astra 2023-12-10 7.5 HIGH 9.8 CRITICAL
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues