Starter Templates
by WordPress
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-25106 | Cri | 0.62 | 9.6 | 0.00 | Feb 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP starter-templates allows Cross Site Request Forgery.This issue affects Starter Templates by FancyWP: from n/a through <= 2.0.0. | ||
| CVE-2021-42360 | Hig | 0.49 | 7.6 | 0.01 | Nov 17, 2021 | On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft… | ||
| CVE-2023-41804 | Hig | 0.46 | 7.1 | 0.00 | Dec 7, 2023 | Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. | ||
| CVE-2024-13924 | Med | 0.34 | 5.3 | 0.00 | Mar 8, 2025 | The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to… | ||
| CVE-2025-24568 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates astra-sites allows Cross Site Request Forgery.This issue affects Starter Templates: from n/a through <= 4.4.9. | ||
| CVE-2022-46851 | Med | 0.28 | 4.3 | 0.00 | May 23, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. |
- risk 0.62cvss 9.6epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP starter-templates allows Cross Site Request Forgery.This issue affects Starter Templates by FancyWP: from n/a through <= 2.0.0.
- risk 0.49cvss 7.6epss 0.01
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft…
- risk 0.46cvss 7.1epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.
- risk 0.34cvss 5.3epss 0.00
The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates astra-sites allows Cross Site Request Forgery.This issue affects Starter Templates: from n/a through <= 4.4.9.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions.