The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Brainstormforce |
|
No data.
No data.
No data.
References
History
Wed, 08 Apr 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Brainstormforce
Brainstormforce starter Templates |
|
| CPEs | cpe:2.3:a:brainstormforce:starter_templates:-:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Brainstormforce
Brainstormforce starter Templates |
|
| Metrics |
ssvc
|
Wed, 08 Apr 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T16:42:32.060Z
Reserved: 2024-05-07T21:40:49.914Z
Link: CVE-2024-4630
Vulnrichment
Updated: 2024-08-01T20:47:41.208Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:44:13.063
Modified: 2026-04-08T17:18:56.353
Link: CVE-2024-4630
Redhat
No data.
OpenCVE Enrichment
No data.