The Starter Templates plugin by Brainstorm Force was discovered by security researchers at Wordfence to contain a type of vulnerability that allows an attacker to upload a malicious script that is in turn stored on the website itself.
This popular plugin allows users to use over 280 WordPress templates that help speed up website development.
The templates are made to be compatible with Elementor, Gutenberg, Brizy and Beaver Builder, as well as with the Astra theme.
Stored Cross Site Scripting (XSS) Vulnerability
A Stored XSS vulnerability is particularly troublesome because the uploaded script is stored on the server of the attacked site itself.
The vulnerability could lead to a total site takeover as well as use the vulnerable website to launch attacks on all site visitors.
Wordfence recommends that all publishers using this plugin to update to the very latest version of the plugin since the newest version also contains important bug fixes.
For more information, please visit the Wordfence report: