Skip to main content

Spectra

13 CVEs product

Monthly

CVE-2026-42648 MEDIUM This Month

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.22.

Authentication Bypass Spectra
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-10484 MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Spectra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37517 HIGH This Week

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.13.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Spectra
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3827 MEDIUM This Month

The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Spectra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4366 MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Spectra
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1815 MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Spectra
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1814 MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Spectra
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3107 MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal WordPress PHP Spectra
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6486 MEDIUM POC PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Spectra
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-36679 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.6.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Spectra
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-49833 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra - WordPress Gutenberg Blocks allows Stored XSS.7.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Spectra
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2020-36702 MEDIUM POC This Month

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Spectra
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2020-25966 HIGH POC This Week

Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Spectra
NVD
CVSS 3.1
7.5
EPSS
1.4%
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.22.

Authentication Bypass Spectra
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Spectra
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.13.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Spectra
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Spectra
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Spectra
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Spectra
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Spectra
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal WordPress PHP +1
NVD
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Spectra
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.6.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Spectra
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra - WordPress Gutenberg Blocks allows Stored XSS.7.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Spectra
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Spectra
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Spectra
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy