| CVE/PSC | Application | Date | Affected versions | Description |
|---|---|---|---|---|
| Actual on: May 19, 2025, 06:05:05 | Entries count: 10 | |||
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Jun 10, 2024, 12:06:28 |
Min -
Max 3.2.6
|
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5. | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Sep 30, 2024, 14:09:37 |
Min -
Max 4.4.1
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Starter Templates allows Stored XSS.This issue affects Starter Templates: from n/a through 4.4.0. | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
SAFE & CERTIFIED
|
Dec 24, 2024, 18:12:29 |
Min 4.4.9
Max 4.4.20
|
Starter Templates is a powerful AI-driven plugin designed to simplify website creation for WordPress users. By leveraging artificial intelligence, it enables users to generate fully-functional, aesthetically pleasing websites in just minutes. The plugin supports popular page builders such as Elementor, Beaver Builder, and Gutenberg, and comes with an extensive library of templates, block patterns, and royalty-free images. While its features are undoubtedly impressive, this article focuses on the code secur... | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Jan 25, 2025, 21:01:03 |
Min -
Max 4.4.10
|
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9. | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Jun 06, 2024, 23:06:19 |
Min -
Max 4.2.2
|
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Jun 06, 2024, 23:06:19 |
Min -
Max 2.7.1
|
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter p... | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Jun 06, 2024, 23:06:19 |
Min -
Max 3.2.5
|
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4. | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Jun 06, 2024, 23:06:19 |
Min -
Max 3.2.5
|
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Jun 06, 2024, 23:06:19 |
Min -
Max 3.1.21
|
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. | |
|
Starter Templates — Elementor, WordPress & Beaver Builder Templates
vulnerable
|
Jun 06, 2024, 23:06:19 |
Min -
Max 4.1.7
|
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |