CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-49830

CVSS 9.9v3.1pub. 2023-12-29upd. 2026-04-28

Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.

🤖 AI Analysis
How it works

The vulnerability results from improper code generation control (CWE-94), which classifies it as code injection. An attacker with Contributor privileges can supply a crafted payload to the application, which will be executed as server-side code. Due to the network vector (AV:N), low attack complexity (AC:L) and changed scope (S:C), the consequences of malicious code execution can extend beyond the plugin itself and affect the entire server.

Impact

An attacker can gain full control over the server — read, modify or delete data, and potentially take over the entire WordPress service. The compromise affects confidentiality, integrity and availability of the system at the highest level.

Mitigation & patch

The Astra Pro plugin must be immediately updated to a version higher than 4.3.1, in accordance with the manufacturer's information and the Patchstack database. It is also recommended to review user accounts with the Contributor role and above for unauthorized changes.

Who is affected

Brainstorm Force Astra Pro plugin in all versions from the beginning up to and including 4.3.1.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Brainstormforce Astra

    APP
    Brainstormforce
    ≤ 4.3.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-24507CRITICAL9.8ten sam produkt

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST paramet...

CVE-2023-44148MEDIUM5.4ten sam produkt

Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: fr...

CVE-2025-6691HIGH8.1ten sam vendor

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file ...

CVE-2025-6742HIGH7.5ten sam vendor

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Inje...

CVE-2024-37455HIGH8.8ten sam vendor

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege...