CVE-2021-42360 Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 Authenticated Block Import to Stored XSS

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the editposts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block...

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder...

WordPress Starter Templates plugin <= 2.7.0 - Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Block Import leading to Stored Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall in WordPress Starter Templates plugin versions = 2.7.0. Solution Update the WordPress Starter Templates plugin to the latest available version at least 2.7.1...