CVE-2023-41804
📋 TL;DR
This Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates plugin allows attackers to make unauthorized requests from the vulnerable WordPress server to internal or external systems. It affects WordPress sites using the Starter Templates plugin for Elementor, WordPress, or Beaver Builder templates. Attackers can potentially access internal services, perform port scanning, or interact with cloud metadata services.
💻 Affected Systems
- Starter Templates — Elementor, WordPress & Beaver Builder Templates
📦 What is this software?
Starter Templates by Brainstormforce
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access internal network services, cloud metadata APIs (exposing credentials), perform port scanning, or use the vulnerable server as a proxy for attacks against other systems.
Likely Case
Information disclosure from internal services, reconnaissance of internal network, or abuse of the server as a proxy for malicious requests.
If Mitigated
Limited impact if network segmentation restricts internal access and external requests are filtered, though the vulnerability still exists.
🎯 Exploit Status
SSRF vulnerabilities are commonly exploited and weaponized. Public proof-of-concept exists according to references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.5 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Starter Templates' plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.2.5+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the Starter Templates plugin until patched
wp plugin deactivate astra-sites
Network restrictions
Implement network egress filtering to restrict outbound requests from web servers
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block SSRF patterns
- Restrict server outbound network access to only required services
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Starter Templates' version
Check Version:
wp plugin get astra-sites --field=version
Verify Fix Applied:
Verify plugin version is 3.2.5 or higher in WordPress admin
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from web server to internal IPs
- Requests to cloud metadata endpoints (169.254.169.254, etc.)
- Multiple failed connection attempts to various ports
Network Indicators:
- Web server making unexpected outbound connections
- Requests to internal network ranges from web server
SIEM Query:
source="web_server_logs" AND (dest_ip=169.254.169.254 OR dest_ip IN [RFC1918 ranges]) AND user_agent CONTAINS "WordPress"
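The log indicators and SIEM query above, turned into a small offline check (added example, not part of the original advisory): it scans constructed egress log lines in an assumed `src=... dst=ip:port ua="..."` format, keeps only WordPress-originated requests, flags destinations that are the cloud metadata endpoint or RFC1918 space, and marks a destination as a probable port scan when one host receives requests on several distinct ports.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample egress log (not real traffic); assumed format:
#   <timestamp> src=<ip> dst=<ip>:<port> ua="<user agent>"
SAMPLE_EGRESS_LOG = """\
2023-09-01T10:00:01Z src=10.0.1.5 dst=151.101.1.195:443 ua="WordPress/6.3; https://example.test"
2023-09-01T10:00:02Z src=10.0.1.5 dst=169.254.169.254:80 ua="WordPress/6.3; https://example.test"
2023-09-01T10:00:03Z src=10.0.1.5 dst=10.0.0.20:6379 ua="WordPress/6.3; https://example.test"
2023-09-01T10:00:04Z src=10.0.1.5 dst=10.0.0.20:22 ua="WordPress/6.3; https://example.test"
2023-09-01T10:00:05Z src=10.0.1.5 dst=10.0.0.20:3306 ua="WordPress/6.3; https://example.test"
2023-09-01T10:00:06Z src=10.0.1.5 dst=172.16.4.9:8080 ua="curl/8.1"
"""

LINE_RE = re.compile(r'src=(\S+) dst=(\S+):(\d+) ua="([^"]*)"')

# Cloud metadata address named on the page, plus the RFC1918 private ranges.
METADATA_ADDR = ipaddress.ip_address("169.254.169.254")
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(dst: str) -> Optional[str]:
    """Return why a destination is suspicious, or None if it is ordinary public space."""
    addr = ipaddress.ip_address(dst)
    if addr == METADATA_ADDR:
        return "cloud-metadata"
    if any(addr in net for net in PRIVATE_RANGES):
        return "internal-range"
    return None


def find_ssrf_indicators(log_text: str, port_scan_threshold: int = 3) -> List[Dict]:
    """Return WordPress-originated egress events to the metadata endpoint or RFC1918 space.
    Each hit also carries port_scan=True when its destination saw >= threshold distinct ports."""
    hits: List[Dict] = []
    ports_per_dst: Dict[str, set] = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, port, ua = m.groups()
        if "WordPress" not in ua:
            continue  # the page's query keys on the WordPress user agent
        kind = classify(dst)
        if kind is None:
            continue
        ports_per_dst.setdefault(dst, set()).add(int(port))
        hits.append({"src": src, "dst": dst, "port": int(port), "kind": kind})
    for h in hits:
        h["port_scan"] = len(ports_per_dst[h["dst"]]) >= port_scan_threshold
    return hits
```

Tune the user-agent filter and threshold to your environment; a legitimate plugin may fetch templates from public hosts, which this check deliberately ignores.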
🔗 References
- https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve