Stored Cross Site Scripting Vulnerability in WordPress plugin “Starter Templates”
Original Issue Date: November 17, 2021
Severity Rating: HIGH
Software Affected
WordPress Starter Templates Plugin Version 2.7.0 and earlier
Overview
A vulnerability has been reported in the Starter Templates plugin for WordPress which could allow a remote attacker to perform a cross-site scripting attack on the targeted system.
Description
This vulnerability exists in WordPress due to an improper nonce check by the “elementor_batch_process” function associated with an AJAX action. A remote attacker could exploit this vulnerability by crafting and hosting a block containing malicious JavaScript on a server.
Successful exploitation of this vulnerability could allow the attacker to perform cross-site scripting attacks that lead to total site takeover, and to perform further attacks on the site visitors.
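The checks a WordPress AJAX import handler of this kind needs, as an added example that is not the plugin's own code or its actual fix. The action name demo_import_block, the url parameter, the allowed host and the assumption that the handler fetches a block from a URL and stores it are all hypothetical.

```php
<?php
// Hypothetical plugin code: the action name, nonce action string, parameter
// name and allowed host below are illustrative assumptions.
const DEMO_ALLOWED_HOST = 'templates.example.com';

add_action( 'wp_ajax_demo_import_block', 'demo_import_block' );

function demo_import_block() {
    // 1. CSRF: verify the nonce in $_REQUEST['_ajax_nonce'] against this
    //    specific action. On failure check_ajax_referer() ends the request.
    check_ajax_referer( 'demo_import_block', '_ajax_nonce' );

    // 2. Authorization: a nonce proves intent, not privilege. Any logged-in
    //    user can reach a wp_ajax_ hook, so check the capability explicitly.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    // 3. Source validation: only fetch over HTTPS from the expected host.
    $url   = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    $parts = wp_parse_url( $url );
    if ( empty( $parts['host'] ) || empty( $parts['scheme'] )
        || 'https' !== $parts['scheme']
        || DEMO_ALLOWED_HOST !== strtolower( $parts['host'] ) ) {
        wp_send_json_error( 'Import source not allowed.', 400 );
    }

    $response = wp_safe_remote_get( $url, array( 'timeout' => 10 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( 'Could not fetch block.', 502 );
    }

    // 4. Stored-XSS defence: strip <script> tags, event-handler attributes
    //    and other markup not allowed in post content before it is saved.
    $content = wp_kses_post( wp_remote_retrieve_body( $response ) );

    $post_id = wp_insert_post( array(
        'post_type' => 'page', 'post_status' => 'draft', 'post_content' => wp_slash( $content ),
    ), true );
    if ( is_wp_error( $post_id ) ) {
        wp_send_json_error( 'Could not save block.', 500 );
    }
    wp_send_json_success( array( 'post_id' => $post_id ) );
}
```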
Solution
https://wordpress.org/plugins/astra-sites