4 results (0.005 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates. Este problema afecta a Starter Templates — Elementor, WordPress & Beaver Builder Templates: desde n/a hasta 3.2.4. The Starter Templates (free and premium) plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.2.4 via the remote_request. This can allow authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.20. This is due to missing or incorrect nonce validation on the add_to_favorite function. This makes it possible for unauthenticated attackers to set a Starter Template as favorite via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-elementor-wordpress-beaver-builder-templates-plugin-3-1-20-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. El complemento Starter Templates by Kadence WP de WordPress anterior a 1.2.17 deserializa el contenido de un archivo importado, lo que podría provocar problemas de inyección de objetos PHP cuando un administrador importa (intencionalmente o no) un archivo malicioso y una cadena de gadgets adecuada está presente en el blog. The Starter Templates by Kadence WP plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2.16 via the 'import_customizer_options' function. This allows authenticated users with administratior-level capabilities to inject a PHP Object. No POP chain is present in the vulnerable plugin. • https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page. En los sitios que también tenían instalado el plugin de Elementor para WordPress, era posible que usuarios con la capacidad edit_posts, que incluye a usuarios de nivel Contributor, importaran bloques en cualquier página usando la acción AJAX astra-page-elementor-batch-process. Un atacante podía diseñar y alojar un bloque que contuviera JavaScript malicioso en un servidor que controlara, y luego usarlo para sobrescribir cualquier publicación o página enviando una petición AJAX con la acción establecida como astra-page-elementor-batch-process y el parámetro url apuntando a su bloque malicioso alojado remotamente, así como un parámetro id que contuviera la publicación o página a sobrescribir. • https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-284: Improper Access Control CWE-862: Missing Authorization •