WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF)
CVE-2023-41804

7.1HIGH

Key Information:

Vendor: Wordpress
Status: Starter Templates — Elementor, WordPress & Beaver Builder Templates
Vendor: CVE Published:; 7 December 2023

Summary

The Starter Templates for Elementor and Beaver Builder, developed by Brainstorm Force, contains a Server-Side Request Forgery (SSRF) vulnerability. This flaw allows attackers to send crafted requests from the vulnerable server, potentially accessing internal systems or services that should remain protected. Versions up to 3.2.4 are susceptible, making it crucial for users of these templates to patch their installations promptly to mitigate potential security risks.

Affected Version(s)

Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 3.2.4

References

https://patchstack.com/database/vulnerability/astra-sites...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Sep 1, 2023

Credit

Rafie Muhammad (Patchstack)