The Starter Templates plugin for Elementor, Gutenberg, and Beaver Builder, published by the creators of the Astra WordPress theme, has a vulnerability affecting over a million websites. The flaw allows an attacker to inject a malicious script that is stored on the site itself, which can lead to a complete site takeover and to attacks on visitors of the compromised site.
Starter Templates — Elementor, Gutenberg & Beaver Builder Templates
The Starter Templates plugin is developed by Brainstorm Force, the team behind the popular Astra WordPress theme. The plugin provides users access to over 280 WordPress templates, facilitating faster website development.
The templates are compatible with Elementor, Gutenberg, Brizy, and Beaver Builder, as well as the Astra theme.
The plugin is installed on over one million websites.
Stored Cross-Site Scripting (XSS) Vulnerability
Security researchers at Wordfence identified a vulnerability in the Starter Templates plugin by Brainstorm Force. It allows an attacker to get a malicious script stored on the site itself, inside the content of an existing post or page.
A stored XSS vulnerability is particularly concerning because the malicious script is served by the compromised site's own server to everyone who views the affected page, rather than only to a victim who is tricked into following a crafted link.
The non-profit Open Web Application Security Project (OWASP) explains what makes a stored XSS attack so serious:
“Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, message forum, visitor log, comment field, etc.
The victim then retrieves the malicious script from the server when it requests the stored information.”
Website Takeover and Attacks on Site Visitors
Because the injected script runs in the browser of every visitor to the affected page, this vulnerability can lead to a complete site takeover and turn the compromised website into a platform for attacking its own visitors.
According to the report by Wordfence:
“An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page…
Any post or page built with Elementor, including published pages, could be overwritten by the imported block, executing the malicious JavaScript in the browser of any visitors to that page.
This could redirect site visitors to malicious websites or hijack an administrator’s session, creating a new malicious administrator or adding a backdoor to the site, leading to a complete site takeover.”
Starter Templates Plugin Fixed
Wordfence notified the publishers of the Starter Templates plugin about the vulnerability, and they promptly patched the plugin in version 2.7.1.
The public changelog for the Starter Templates plugin notes the patch:
v2.7.1 – 7-October-2021
– Security Improvement: Validate the site URL before processing the import request.
– Security Improvement: Updated right file upload permission before importing images.
An honest changelog like the one from Brainstorm Force indicates a quality publisher, and it’s commendable to see them being transparent about resolving security issues.
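The two changelog entries describe the classic shape of this bug and its fix: an import handler that fetches a "block" from a caller-supplied URL and writes it into a stored page, and a patched handler that validates the source before processing the import. The following is an added illustration written for this article, not code from the Starter Templates plugin or from Wordfence; the AJAX action names, the `url` and `post_id` parameters, the `templates.example.com` allowlist and the use of `post_content` as the storage target are all assumptions. The weak version shows how attacker-controlled markup ends up stored on the site; the hardened version pins the source host, checks the caller's nonce and capability as any WordPress AJAX handler should (independent of what this particular plugin did), and sanitizes what it stores.

```php
<?php
/**
 * Illustrative WordPress AJAX "import block from URL" handler, in two versions.
 * Added example, NOT the Starter Templates plugin's code. Action names,
 * parameter names and the allowed template host are assumptions.
 */

// --- Weak version: trusts a caller-supplied URL and stores whatever it fetches.
function example_import_block_weak() {
    $post_id = absint( $_POST['post_id'] ?? 0 );
    $url     = isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : '';

    // No check of where the block comes from: a server the attacker controls
    // can return a "block" containing <script>, and it is written into the page.
    $response = wp_remote_get( $url );
    $body     = wp_remote_retrieve_body( $response );

    wp_update_post( array( 'ID' => $post_id, 'post_content' => wp_slash( $body ) ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_import_block_weak', 'example_import_block_weak' );

// --- Hardened version: validate the source URL before processing the import,
// confirm the caller may edit the target post, and sanitize what is stored.
const EXAMPLE_ALLOWED_TEMPLATE_HOSTS = array( 'templates.example.com' ); // assumed allowlist

function example_is_allowed_template_url( $url ) {
    // wp_http_validate_url() rejects malformed URLs and requests aimed at
    // loopback/private addresses; then pin the scheme and host to the allowlist.
    if ( ! wp_http_validate_url( $url ) ) {
        return false;
    }
    $parts = wp_parse_url( $url );
    if ( empty( $parts['scheme'] ) || 'https' !== strtolower( $parts['scheme'] ) ) {
        return false;
    }
    return ! empty( $parts['host'] )
        && in_array( strtolower( $parts['host'] ), EXAMPLE_ALLOWED_TEMPLATE_HOSTS, true );
}

function example_import_block_hardened() {
    // Nonce ties the request to a form this site issued to this user.
    check_ajax_referer( 'example_import_block', 'nonce' );

    $post_id = absint( $_POST['post_id'] ?? 0 );
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'not allowed to edit this post', 403 );
    }

    $url = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    if ( ! example_is_allowed_template_url( $url ) ) {
        wp_send_json_error( 'block source is not an approved template host', 400 );
    }

    // wp_safe_remote_get() also refuses to follow redirects to unsafe hosts.
    $response = wp_safe_remote_get( $url, array( 'timeout' => 10 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( 'could not fetch block', 502 );
    }

    // wp_kses_post() strips <script>, on* handlers and javascript: URLs,
    // keeping only the markup normally allowed in post content.
    $clean = wp_kses_post( wp_remote_retrieve_body( $response ) );

    wp_update_post( array( 'ID' => $post_id, 'post_content' => wp_slash( $clean ) ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_import_block_hardened', 'example_import_block_hardened' );
```

The order of the checks matters: the URL is validated before any request is made, so a hostile server is never contacted, and the fetched content is sanitized before it touches the database, so even an allowlisted host that is later compromised cannot plant a script. Real page builders often store block data as JSON in post meta rather than in `post_content`; the same rule applies there, with a sanitizer appropriate to that format.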
Wordfence Advises Site Owners to Update the Plugin
Wordfence recommends that everyone running this plugin update to the latest version, 2.7.5, which includes important bug fixes along with the security improvements introduced in 2.7.1.
Citation
Read the Wordfence Report on the Starter Template Vulnerability
Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin