Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

The Starter Templates plugin allows site owners to import prebuilt templates and blocks for various page builders, including Elementor.

Starter Templates plugin, which is installed on over 1 Million WordPress websites was found to have a vulnerability which could allow for malicious javascript to be inserted and then used to overwrite any post or page by sending an AJAX request.

(The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder Templates”)

Versions 2.7.0 and older of this plugin contain a vulnerability that allows Contributor-level users to completely overwrite any page on the site with malicious JavaScript.

Full details at: https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/

Posted in Hack, Vulnerability.