WordPress Plugin Vulnerabilities

Starter Templates <= 3.2.5 - Incorrect Authorization

Description

The Starter Templates (free and premium) plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the sse_import() function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with contributor-level access and above, to import plugin/template data.

Affects Plugins

Plugin icon
astra-pro-sites
Fixed in 3.2.6
Plugin icon
astra-sites
Fixed in 3.2.6

References

CVE
CVE-2023-41805
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd78e52-f20d-42be-8f68-3d09d5abf837

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (Medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
3399b6cd-9d5d-4e36-a527-f0a73897ee0c

Timeline

Publicly Published
2023-09-05 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2023-12-04 (about 2 years ago)

Other

Published
Title
Published
2025-12-28
Title
Strong Testimonials < 3.2.21 - Missing Authorization
Published
2025-12-11
Title
Masker for Elementor <= 1.1.4 - Missing Authorization
Published
2022-10-30
Title
Attorney <= 3 - Unauthenticated Arbitrary Page/Post Deletion
Published
2025-12-12
Title
rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function
Published
2021-11-10
Title
WP Reset Pro < 5.99 - Subscriber+ Database Reset