WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions = 2.0.0...

WordPress Starter Templates plugin <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability

Authenticated Author+ Arbitrary File Upload via WXR Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Starter Templates versions = 4.4.41...

CVE-2025-13065

The CVE-2025-13065 vulnerability affects the WordPress Starter Templates plugin (versions up to and including 4.4.41). Root cause: insufficient file-type validation for WXR uploads allows double extensions to bypass sanitization, enabling an authenticated attacker with author-level access or high...

CVE-2025-24568 WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Brainstorm Force Starter Templates astra-sites allows Cross Site Request Forgery.This issue affects Starter Templates: from n/a through = 4.4.9...

CVE-2025-24568

CVE-2025-24568 is a CSRF vulnerability affecting the Brainstorm Force Starter Templates plugin for WordPress, reported for versions up to 4.4.9. The NVD entry and PatchStack reference confirm the issue and CVSS v3.1 characteristics: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, base score 4.3 (Medium). Th...

WordPress Starter Templates plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Starter Templates versions = 4.4.0...

WordPress Starter Templates Plugin <= 4.4.0 is vulnerable to Cross Site Scripting (XSS)

Software Starter Templates Type Plugin Vulnerable versions = 4.4.0 Fixed in 4.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47345 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID faea2a68ca24 Credits wcraft Required privilege Author...

WordPress Starter Templates Plugin <= 4.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Starter Templates Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4630 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 24edcd535038 Credits wesley wcraft Required...

WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)

Software Starter Templates Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-41804 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9a3308ad9975 Credits Rafie Muhammad...

WordPress Starter Templates plugin <= 2.7.0 - Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Block Import leading to Stored Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall in WordPress Starter Templates plugin versions = 2.7.0. Solution Update the WordPress Starter Templates plugin to the latest available version at least 2.7.1...