CVE-2021-42360 - On sites that also had the Elementor plugin for WordPress installed, it was possible for users with

CVE-2021-42360

Summary

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.

References

https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/

Vulnerable Configurations

cpe:2.3:a:brainstormforce:starter_templates:-:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:-:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.0.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.1.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.15:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.2.15:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.15:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.15:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.16:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.16:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.17:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.17:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.18:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.18:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.19:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.19:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.20:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.20:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.21:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.3.21:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:1.4.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.0.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.0.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.3.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.4.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.4.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.5.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.5.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.5.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.5.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.13:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.14:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.15:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.15:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.16:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.16:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.17:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.17:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.18:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.18:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.19:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.19:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.20:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.20:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.21:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.21:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.22:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.6.22:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.7.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:brainstormforce:starter_templates:2.7.0:*:*:*:*:wordpress:*:*

CVSS

Base:	3.5 (as of 19-11-2021 - 18:15)
Impact:
Exploitability:

CWE

CWE-99

CAPEC

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
Resource Injection
An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:N/I:P/A:N

Last major update

19-11-2021 - 18:15

Published

17-11-2021 - 18:15

Last modified

19-11-2021 - 18:15