CVE-2025-13065
WordPress · WordPress Starter Templates Plugin
Executive summary
A high-severity vulnerability has been identified in the Starter Templates plugin for WordPress, which could allow an unauthenticated attacker to upload malicious files to a target website. Successful exploitation could lead to a complete compromise of the web server, resulting in data theft, website defacement, or further attacks originating from the compromised system. Organizations using this plugin are at significant risk and should take immediate action to mitigate this threat.
Vulnerability
The vulnerability is an arbitrary file upload weakness within the Starter Templates plugin. The plugin fails to properly validate files uploaded by users, allowing a remote attacker to upload files with dangerous extensions (e.g., .php). By uploading a malicious script, such as a web shell, an attacker can achieve remote code execution on the server, granting them the same level of permission as the web server's user account. This would allow the attacker to read, write, or delete files, access the website's database, and take full control of the affected website.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit could have severe consequences for the business, including:
- Data Breach: Theft of sensitive information, such as customer data, user credentials, and intellectual property.
- Reputational Damage: Website defacement or the hosting of malicious content can erode customer trust and harm the organization's brand.
- Financial Loss: Costs associated with incident response, system recovery, regulatory fines (e.g., GDPR, CCPA), and potential loss of revenue from website downtime.
- Operational Disruption: The attacker could delete critical website files or install ransomware, rendering the site and its services inoperable.
Remediation
Immediate Action:
- Immediately update the "Starter Templates" plugin to the latest patched version (greater than version 4.0).
- Before updating, create a full backup of your WordPress site (files and database).
- If the plugin is not critical to business operations, consider deactivating and deleting it until it can be safely updated.
- Review WordPress security settings to ensure file permissions are hardened and unnecessary user accounts are removed.
Proactive Monitoring:
- Review web server access logs for unusual POST requests to plugin-related endpoints, especially those involving file uploads.
- Scan the file system, particularly the /wp-content/uploads/ directory, for any suspicious or unexpected files (e.g., files with .php, .phtml, or .phar extensions).
- Monitor for unexpected outbound network traffic from the web server, which could indicate a web shell communicating with a command-and-control server.
- Implement a file integrity monitoring (FIM) solution to detect unauthorized changes to core WordPress files and plugins.
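As an added illustration of the uploads scan described above (example code, not part of the original advisory), this Python script walks an uploads tree and flags files by a script extension anywhere in the name (so double extensions such as avatar.phtml.jpg are caught) or by a PHP open tag hidden inside a file with an image extension. The uploads tree it scans is constructed in a temporary directory, and the .php5/.php7 entries extend the advisory's list and are an assumption of this example.

```python
import os
import tempfile
from pathlib import Path

# Extensions PHP handlers commonly execute. The advisory names .php, .phtml and .phar;
# the two extra entries are common variants added by this example (an assumption).
SCRIPT_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7"}
# Markers of PHP source, used to catch scripts hidden behind an image extension.
PHP_SIGNATURES = (b"<?php", b"<?=")

def classify_file(path: Path) -> list[str]:
    """Reasons a file in the uploads tree looks like a script (empty list if clean)."""
    reasons = []
    # Check every suffix so 'avatar.phtml.jpg' is caught too (it runs under permissive AddHandler setups).
    hit = {s.lower() for s in path.suffixes} & SCRIPT_EXTENSIONS
    if hit:
        reasons.append(f"script extension {sorted(hit)}")
    try:
        with path.open("rb") as fh:
            head = fh.read(4096)  # a PHP open tag normally appears early in the file
    except OSError:
        return reasons
    if any(sig in head for sig in PHP_SIGNATURES):
        reasons.append("PHP open tag in content")
    return reasons

def scan_uploads(root: str) -> dict[str, list[str]]:
    """Walk an uploads tree; map each suspicious file (POSIX relative path) to its reasons."""
    root_path = Path(root)
    findings = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            if reasons := classify_file(p):
                findings[p.relative_to(root_path).as_posix()] = reasons
    return findings

def demo() -> dict[str, list[str]]:
    """Scan a constructed uploads tree (sample data written to a temp dir, not a real site)."""
    d = Path(tempfile.mkdtemp()) / "2025" / "11"
    d.mkdir(parents=True)
    (d / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)           # benign JPEG header
    (d / "template.php").write_bytes(b"<?php echo 'constructed'; ?>")          # script by extension
    (d / "banner.png").write_bytes(b"\x89PNG\r\n\x1a\n<?php /* hidden */ ?>")  # script by content
    (d / "avatar.phtml.jpg").write_bytes(b"no php tag here")                  # double extension
    return scan_uploads(str(d.parent.parent))

if __name__ == "__main__":
    for path, why in sorted(demo().items()):
        print(f"{path}: {', '.join(why)}")
```

Point scan_uploads() at a real /wp-content/uploads/ path to triage a live site; every finding should be treated as a potential indicator of compromise until explained.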
Compensating Controls:
- Deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious file uploads based on file type, name, and content.
- On the web server, configure file permissions for the uploads directory to prevent script execution.
- If possible, restrict access to the WordPress admin dashboard (/wp-admin/) to trusted IP addresses.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score of 8.8 and the critical impact of remote code execution, this vulnerability represents a significant threat to the organization. We strongly recommend that all WordPress sites using the Starter Templates plugin be patched immediately. Although this CVE is not currently listed on the CISA KEV catalog, its severity warrants treating it with the highest priority. After patching, a thorough review for indicators of compromise should be conducted to ensure the system was not breached before remediation was applied.