cleantalk
Vulnerabilities and Security Researches

Starter Templates — Elementor, WordPress & Beaver Builder Templates, CVE-2025-13065

CVE, Research URL

CVE-2025-13065

Home page URL

Security reports for Starter Templates — Elementor, WordPress & Beaver Builder Templates

Application

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Published on
Dec 06, 2025
Research Description
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 4.4.42.
Status
vulnerable
Previous vulnerability researches
Arrow Maps – Custom Maps for WordPress (CVE-2025-28858) , Mar 28, 2025
New vulnerability
OpenHook (CVE-2025-62120) , Jan 10, 2026
WP Views Counter (CVE-2025-66130) , Jan 10, 2026
Gmedia Photo Gallery (CVE-2025-63014) , Jan 10, 2026
Fast User Switching (CVE-2025-68583) , Jan 10, 2026
Eyewear prescription form (CVE-2025-14366) , Jan 10, 2026