WordPress Starter Templates plugin <= 2.7.0 - Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability

2021-11-1100:00:00

Ramuel Gall

patchstack.com

wordpress starter templates

authenticated block import

stored cross-site scripting

ramuel gall

update

EPSS

0.001

Percentile

24.8%

JSON

Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall in WordPress Starter Templates plugin (versions <= 2.7.0).

Solution

           Update the WordPress Starter Templates plugin to the latest available version (at least 2.7.1).

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42360

wordpress.org/plugins/astra-sites/#developers

www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/

EPSS

0.001

Percentile

24.8%

JSON

Related for PATCHSTACK:F56B259FC8E081F79843CEAD4C83AF05