Monday, June 29, 2026

WordPress template plugin vulnerability affects more than 1 million sites


Starter Templates, the Elementor, Gutenberg, and Beaver Builder template plugin provided by the Astra WordPress theme publisher, contains a vulnerability that affects more than one million websites. The vulnerability allows attackers to upload malicious scripts, take over the site, and attack visitors to vulnerable sites.

Starter templates — Elementor, Gutenberg, and Beaver Builder templates

The Starter Templates plugin is published by Brainstorm Force, the maker of the popular Astra WordPress theme. The plugin gives users access to more than 280 WordPress templates to help speed up website development.

These templates are compatible with Elementor, Gutenberg, Brizy and Beaver Builder, and Astra themes.

The plug-in is installed in more than one million websites.

Stored cross-site scripting (XSS) vulnerability

Wordfence security researchers discovered that Brainstorm Force’s Starter Templates plug-in contained a vulnerability that allowed attackers to upload malicious scripts, which were stored on the website itself.

Stored XSS vulnerabilities are particularly troublesome because the uploaded script is stored on the server of the attacked site itself.

The non-profit Open Web Application Security Project (OWASP) describes this kind of XSS vulnerability on its website:

“Storage attacks are attacks that permanently store injected scripts on the target server, such as databases, message forums, visitor logs, comment fields, etc.

The victim then retrieves the malicious script from the server when requesting the stored information.”

Website takeovers and attacks on website visitors

This vulnerability could lead to a complete takeover of the site and allow the vulnerable website to be used to launch attacks on all site visitors.

According to Wordfence’s report:

“An attacker can make and host a block containing malicious JavaScript on a server they control, and then use it to overwrite any post or page…

Any post or page built with Elementor, including published pages, may be overwritten by the imported block, and then the malicious JavaScript in the imported block will be executed in the browser of any visitor to the page.

This can be used to redirect site visitors to malicious sites, or hijack the administrator’s session to create a new malicious administrator or add a backdoor to the site, resulting in the site being taken over.”

Starter template plugin has been fixed

Wordfence notified the publisher of the Starter Templates plug-in of the vulnerability, and they immediately patched the plug-in in version 2.7.1.

The public Starter Templates plugin changelog accurately records the patch:

v2.7.1-October 7, 2021
– Security improvements: Verify site URL before processing import request.
– Security improvements: updated the correct file upload permissions before importing images.

Honest change logs like those published by Brainstorm Force are a hallmark of quality publishers, and it’s great to see that they are open to solving security issues.
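The first changelog entry describes verifying the URL before an import request is processed. One way to write such a check in plain PHP is sketched below; it is an added example, not Brainstorm Force's code, and the host name `templates.example.com`, the function name `is_allowed_import_url`, and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example: allowlist check for a template-import URL (not the plugin's own code).

// Assumption: the hosts this site trusts to serve templates (placeholder name).
const ALLOWED_IMPORT_HOSTS = ['templates.example.com'];

/**
 * Return true only if $url is an https URL whose host exactly matches an allowed host.
 */
function is_allowed_import_url(string $url, array $allowed_hosts = ALLOWED_IMPORT_HOSTS): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // malformed, relative, or scheme-less URL
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false; // rejects http, ftp, file, data, ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // rejects "https://trusted-host@other-host/" confusion
    }
    if (isset($parts['port']) && $parts['port'] !== 443) {
        return false; // only the default https port
    }
    // Exact, case-insensitive comparison; substring or suffix matching would be
    // bypassed by names such as "templates.example.com.other.test".
    $host = rtrim(strtolower($parts['host']), '.');
    return in_array($host, $allowed_hosts, true);
}

// Constructed sample inputs; only the first one should be imported.
$samples = [
    'https://templates.example.com/wp-json/blocks/42',
    'http://templates.example.com/wp-json/blocks/42',      // wrong scheme
    'https://templates.example.com.other.test/block.json', // trusted name as prefix
    'https://templates.example.com@other.test/block.json', // trusted name as userinfo
    'https://xtemplates.example.com/block.json',           // different host
    '//templates.example.com/block.json',                  // no scheme
];

foreach ($samples as $url) {
    printf("%-55s %s\n", $url, is_allowed_import_url($url) ? 'import' : 'reject');
}
```

In a plugin, a check like this would run before any remote block is fetched, so content from an unlisted host never reaches the post editor.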

Wordfence recommends that publishers update their plug-ins

Wordfence recommends that all publishers using this plug-in update the plug-in to the latest version 2.7.5, because this latest version also contains important bug fixes.
