CVE-2021-42360 (GCVE-0-2021-42360)
Vulnerability from cvelistv5 – Published: 2021-11-17 17:45 – Updated: 2025-02-14 17:51
VLAI?
Summary
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.
Severity ?
7.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BrainStormForce | Starter Templates — Elementor, Gutenberg & Beaver Builder Templates |
Affected:
2.7.0 , ≤ 2.7.0
(custom)
|
Credits
Ramuel Gall, Wordfence
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T17:51:54.507922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T17:51:59.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"WordPress"
],
"product": "Starter Templates \u2014 Elementor, Gutenberg \u0026 Beaver Builder Templates",
"vendor": "BrainStormForce",
"versions": [
{
"lessThanOrEqual": "2.7.0",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-99",
"description": "CWE-99 Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T17:45:46.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Starter Templates \u2014 Elementor, Gutenberg \u0026 Beaver Builder Templates \u003c= 2.7.0 Authenticated Block Import to Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2021-42360",
"STATE": "PUBLIC",
"TITLE": "Starter Templates \u2014 Elementor, Gutenberg \u0026 Beaver Builder Templates \u003c= 2.7.0 Authenticated Block Import to Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Starter Templates \u2014 Elementor, Gutenberg \u0026 Beaver Builder Templates",
"version": {
"version_data": [
{
"platform": "WordPress",
"version_affected": "\u003c=",
"version_name": "2.7.0",
"version_value": "2.7.0"
}
]
}
}
]
},
"vendor_name": "BrainStormForce"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-99 Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-42360",
"datePublished": "2021-11-17T17:45:46.000Z",
"dateReserved": "2021-10-14T00:00:00.000Z",
"dateUpdated": "2025-02-14T17:51:59.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:brainstormforce:starter_templates:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"2.7.0\", \"matchCriteriaId\": \"9BC6AA65-6190-4F4A-A83E-9D68B81B8D49\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.\"}, {\"lang\": \"es\", \"value\": \"En los sitios que tambi\\u00e9n ten\\u00edan instalado el plugin de Elementor para WordPress, era posible que usuarios con la capacidad edit_posts, que incluye a usuarios de nivel Contributor, importaran bloques en cualquier p\\u00e1gina usando la acci\\u00f3n AJAX astra-page-elementor-batch-process. Un atacante pod\\u00eda dise\\u00f1ar y alojar un bloque que contuviera JavaScript malicioso en un servidor que controlara, y luego usarlo para sobrescribir cualquier publicaci\\u00f3n o p\\u00e1gina enviando una petici\\u00f3n AJAX con la acci\\u00f3n establecida como astra-page-elementor-batch-process y el par\\u00e1metro url apuntando a su bloque malicioso alojado remotamente, as\\u00ed como un par\\u00e1metro id que contuviera la publicaci\\u00f3n o p\\u00e1gina a sobrescribir. Cualquier entrada o p\\u00e1gina construida con Elementor, incluidas las p\\u00e1ginas publicadas, pod\\u00eda ser sobrescrita por el bloque importado, y el JavaScript malicioso del bloque importado era ejecutado entonces en el navegador de cualquier visitante de esa p\\u00e1gina\"}]",
"id": "CVE-2021-42360",
"lastModified": "2024-11-21T06:27:39.530",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-11-17T18:15:08.227",
"references": "[{\"url\": \"https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/\", \"source\": \"security@wordfence.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@wordfence.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}, {\"lang\": \"en\", \"value\": \"CWE-99\"}, {\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-42360\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2021-11-17T18:15:08.227\",\"lastModified\":\"2024-11-21T06:27:39.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.\"},{\"lang\":\"es\",\"value\":\"En los sitios que tambi\u00e9n ten\u00edan instalado el plugin de Elementor para WordPress, era posible que usuarios con la capacidad edit_posts, que incluye a usuarios de nivel Contributor, importaran bloques en cualquier p\u00e1gina usando la acci\u00f3n AJAX astra-page-elementor-batch-process. Un atacante pod\u00eda dise\u00f1ar y alojar un bloque que contuviera JavaScript malicioso en un servidor que controlara, y luego usarlo para sobrescribir cualquier publicaci\u00f3n o p\u00e1gina enviando una petici\u00f3n AJAX con la acci\u00f3n establecida como astra-page-elementor-batch-process y el par\u00e1metro url apuntando a su bloque malicioso alojado remotamente, as\u00ed como un par\u00e1metro id que contuviera la publicaci\u00f3n o p\u00e1gina a sobrescribir. Cualquier entrada o p\u00e1gina construida con Elementor, incluidas las p\u00e1ginas publicadas, pod\u00eda ser sobrescrita por el bloque importado, y el JavaScript malicioso del bloque importado era ejecutado entonces en el navegador de cualquier visitante de esa p\u00e1gina\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"},{\"lang\":\"en\",\"value\":\"CWE-99\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:brainstormforce:starter_templates:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"2.7.0\",\"matchCriteriaId\":\"9BC6AA65-6190-4F4A-A83E-9D68B81B8D49\"}]}]}],\"references\":[{\"url\":\"https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T03:30:38.250Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-42360\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-14T17:51:54.507922Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-14T17:51:47.016Z\"}}], \"cna\": {\"title\": \"Starter Templates \\u2014 Elementor, Gutenberg \u0026 Beaver Builder Templates \u003c= 2.7.0 Authenticated Block Import to Stored XSS\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Ramuel Gall, Wordfence\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"BrainStormForce\", \"product\": \"Starter Templates \\u2014 Elementor, Gutenberg \u0026 Beaver Builder Templates\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.7.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.7.0\"}], \"platforms\": [\"WordPress\"]}], \"references\": [{\"url\": \"https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/\", \"tags\": [\"x_refsource_MISC\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Cross-site Scripting (XSS)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-99\", \"description\": \"CWE-99 Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2021-11-17T17:45:46.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Ramuel Gall, Wordfence\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, \"source\": {\"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"WordPress\", \"version_name\": \"2.7.0\", \"version_value\": \"2.7.0\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Starter Templates \\u2014 Elementor, Gutenberg \u0026 Beaver Builder Templates\"}]}, \"vendor_name\": \"BrainStormForce\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/\", \"name\": \"https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-284 Improper Access Control\"}]}, {\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-79 Cross-site Scripting (XSS)\"}]}, {\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-99 Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-42360\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Starter Templates \\u2014 Elementor, Gutenberg \u0026 Beaver Builder Templates \u003c= 2.7.0 Authenticated Block Import to Stored XSS\", \"ASSIGNER\": \"security@wordfence.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-42360\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-14T17:51:59.040Z\", \"dateReserved\": \"2021-10-14T00:00:00.000Z\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"datePublished\": \"2021-11-17T17:45:46.000Z\", \"assignerShortName\": \"Wordfence\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…