The Starter Templates (Elementor, Gutenberg & Beaver Builder) plugin, from the makers of the Astra theme, has patched an XSS vulnerability affecting over a million websites.
Exploiting the flaw allows an attacker to upload malicious scripts, which could lead to a total site takeover and to the vulnerable website being used to launch attacks on all site visitors.
The Starter Templates plugin is released by Brainstorm Force, the creator of the very popular Astra WordPress theme. The plugin gives users access to over 280 WordPress templates that help speed up website development.
The templates are made to be compatible with Elementor, Gutenberg, Brizy and Beaver Builder, as well as with the Astra theme.
A Stored XSS vulnerability is particularly troublesome because the uploaded script is stored on the server of the attacked site itself.
The non-profit Open Web Application Security Project (OWASP) describes the severity of this type of XSS vulnerability on its website: “Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information.”