CVE-2026-3534
- EPSS 0.2%
- Veröffentlicht 11.03.2026 06:45:31
- Zuletzt bearbeitet 22.04.2026 21:27:27
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-content-background-meta` post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitizat...
CVE-2023-44148
- EPSS 0.39%
- Veröffentlicht 19.06.2024 12:15:10
- Zuletzt bearbeitet 21.11.2024 08:25:19
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.
CVE-2024-2347
- EPSS 0.35%
- Veröffentlicht 09.04.2024 19:15:33
- Zuletzt bearbeitet 15.04.2026 00:35:42
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...
CVE-2024-29768
- EPSS 0.36%
- Veröffentlicht 27.03.2024 13:15:47
- Zuletzt bearbeitet 28.04.2026 19:23:46
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS.This issue affects Astra: from n/a through 4.6.4.
CVE-2023-49830
- EPSS 0.66%
- Veröffentlicht 29.12.2023 10:15:10
- Zuletzt bearbeitet 28.04.2026 19:22:28
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.
CVE-2021-24507
- EPSS 11.3%
- Veröffentlicht 09.08.2021 10:15:07
- Zuletzt bearbeitet 21.11.2024 05:53:12
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated u...