December 2, 2021
Starter Templates WordPress Plugin Vulnerability Susceptible to Complete Page Rewrites

Another WordPress Plugin Contains a Dangerous Vulnerability, putting a Million Sites at Risk

WordPress plugin Starter Templates – Elementor, Gutenberg & Beaver Builder Templates contained a serious security flaw for total site takeover…

WordPress remains one of the single-most popular CMS or content management systems on the internet. Prior to its introduction, changing pages required doing so one by one manually. So, it’s little wonder why it quickly became a web-builder favorite. Plugins provide specific functions, saving site owners from additional coding. But, sometimes, plugins can be susceptible to threat actors. And, that’s the case with another plugin, called Starter Templates – Elementor, Gutenberg & Beaver Builder Templates.

Starter Templates WordPress Plugin Vulnerability Susceptible to Complete Page Rewrites

The WordPress plugin allows site owners to integrate prebuilt templates for other website builders, such as Elementor. For sites with this builder installed, Wordfence discusses an example, it was possible for users with the edit_post capability (such as contributors), to import blocks on the pages through the astra-page-elementor-batch-process AJAX action.

Fortunately, it was discovered on October 4th and patched three days later on October 7th. However, many sites are likely still running version 2.7.0 or older. Any web property with this version or early installed remains at risk. So, it’s necessary to update the plugin to at least version 2.7.5 in order to be safe.

William Boleys

Will is an experienced freelance writer who covers a wide range of topics, including apps, social media, and search.

View all posts by William Boleys →