CVE-2024-4630 – Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-4630
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://plugins.trac.wordpress.org/browser/astra-sites/tags/4.2.0/inc/importers/wxr-importer/class-astra-wxr-importer.php#L416
• https://plugins.trac.wordpress.org/changeset/3084334
• https://www.wordfence.com/threat-intel/vulnerabilities/id/25edb9e8-65ea-41d1-a95f-09be110ec1d2?source=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1467 – Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-1467
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request() function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
• https://plugins.trac.wordpress.org/changeset/3074863/astra-sites/tags/4.1.7/inc/classes/class-astra-sites-importer.php
• https://plugins.trac.wordpress.org/changeset/3074863/astra-sites/tags/4.1.7/inc/classes/class-astra-sites.php
• https://www.wordfence.com/threat-intel/vulnerabilities/id/cf5075f9-9658-4a09-bd38-34a72f6560f4?source=cve
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-41804 – WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-41804
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. The Starter Templates (free and premium) plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.2.4 via the remote_request. This can allow authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
• https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2022-46851 – WordPress Starter Templates Plugin <= 3.1.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46851
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.20. This is due to missing or incorrect nonce validation on the add_to_favorite function. This makes it possible for unauthenticated attackers to set a Starter Template as favorite via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-elementor-wordpress-beaver-builder-templates-plugin-3-1-20-cross-site-request-forgery-csrf?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-42360 – Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 Authenticated Block Import to Stored XSS
https://notcve.org/view.php?id=CVE-2021-42360
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.
• https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
• CWE-284: Improper Access Control
• CWE-862: Missing Authorization