Skip to main content

Astra

2 CVEs product

Monthly

CVE-2023-49830 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.3.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Astra
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2021-24507 CRITICAL POC THREAT Act Now

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Astra
NVD WPScan
CVSS 3.1
9.8
EPSS
11.0%
EPSS 1% CVSS 9.9
CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.3.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Astra
NVD
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Act Now

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Astra
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy