The Starter Templates — Elementor, Gutenberg & Beaver Builder Templates plugin, from the publishers of the Astra WordPress theme, contains a vulnerability affecting over a million websites. The exploit allows an attacker to upload malicious scripts, stage a total site takeover and attack visitors to the vulnerable website.
Starter Templates — Elementor, Gutenberg & Beaver Builder Templates
The Starter Templates plugin is published by Brainstorm Force, the makers of the wildly popular Astra WordPress theme. The plugin allows users to use over 280 WordPress templates that help speed up website development.
The templates are made to be compatible with Elementor, Gutenberg, Brizy and Beaver Builder, as well as with the Astra theme.
The plugin is installed on over one million websites.
Stored Cross Site Scripting (XSS) Vulnerability
Security researchers at Wordfence discovered that the Starter Templates plugin by Brainstorm Force contains a type of vulnerability that allows an attacker to upload a malicious script that is in turn stored on the website itself.
A Stored XSS vulnerability is particularly troublesome because the uploaded script is stored on the server of the attacked site itself.
The non-profit Open Web Application Security Project (OWASP) describes the seriousness of this kind of XSS vulnerability on their website: