Vulnerabilities and security research for astra-sites
Jun 06, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates # CVE-2024-4630
- CVE, Research URL
- Date: May 14, 2024
- Research Description: The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: Min -, max -.
- Status: vulnerable
Starter Templates — Elementor, WordPress & Beaver Builder Templates # CVE-2021-42360
- CVE, Research URL
- Date: Nov 17, 2021
- Research Description: On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.
- Affected versions: Min -, max -.
- Status: vulnerable
Starter Templates — Elementor, WordPress & Beaver Builder Templates # CVE-2023-34370
- CVE, Research URL
- Date: Mar 28, 2024
- Research Description: Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.
- Affected versions: Min -, max -.
- Status: vulnerable
Starter Templates — Elementor, WordPress & Beaver Builder Templates # CVE-2023-41804
- CVE, Research URL
- Date: Dec 07, 2023
- Research Description: Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.
- Affected versions: Min -, max -.
- Status: vulnerable
Starter Templates — Elementor, WordPress & Beaver Builder Templates # CVE-2022-46851
- CVE, Research URL
- Date: May 23, 2023
- Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions.
- Affected versions: Min -, max -.
- Status: vulnerable
Starter Templates — Elementor, WordPress & Beaver Builder Templates # CVE-2024-1467
- CVE, Research URL
- Date: May 14, 2024
- Research Description: The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
- Affected versions: Min -, max -.
- Status: vulnerable
Jun 10, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates # CVE-2023-41805
- CVE, Research URL
- Date: Jun 19, 2024
- Research Description: Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites. This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.
- Affected versions: Min -, max -.
- Status: vulnerable
Sep 30, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates # CVE-2024-47345
- CVE, Research URL
- Date: -
- Research Description: Starter Templates — Elementor, WordPress & Beaver Builder Templates [astra-sites] < 4.4.1 CVE-2024-47345
- Affected versions: Min -, max -.
- Status: vulnerable
Dec 24, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates # PSC-2024-64540
- PSC, Research URL
- Date: -
- Research Description: Starter Templates is a powerful AI-driven plugin designed to simplify website creation for WordPress users. By leveraging artificial intelligence, it enables users to generate fully-functional, aesthetically pleasing websites in just minutes. The plugin supports popular page builders such as Elementor, Beaver Builder, and Gutenberg, and comes with an extensive library of templates, block patterns, and royalty-free images. While its features are undoubtedly impressive, this article focuses on the code security aspects of Starter Templates to ensure its reliability in secure environments.
- Affected versions: Min -, max -.
- Status: SAFE & CERTIFIED