CVE-2023-34370 - Vulnerability Details - OpenCVE

ReportizFlow

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

History

Tue, 28 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description	Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.	Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-03-28T06:07:31.872Z

Updated: 2026-04-28T16:08:28.742Z

Reserved: 2023-06-02T15:45:18.619Z

Link: CVE-2023-34370

Vulnrichment

Updated: 2024-08-02T16:10:06.781Z

NVD

Status : Deferred

Published: 2024-03-28T06:15:07.717

Modified: 2026-04-28T19:20:44.297

Link: CVE-2023-34370

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-34370", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-06-02T15:45:18.619Z", "datePublished": "2024-03-28T06:07:31.872Z", "dateUpdated": "2026-04-28T16:08:28.742Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "astra-sites", "product": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "vendor": "Brainstorm Force", "versions": [{"changes": [{"at": "3.2.5", "status": "unaffected"}], "lessThanOrEqual": "3.2.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Premium Starter Templates", "vendor": "Brainstorm Force", "versions": [{"changes": [{"at": "3.2.5", "status": "unaffected"}], "lessThanOrEqual": "3.2.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Rafie Muhammad (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.<p>This issue affects Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:08:28.742Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to\u00a03.2.5 or a higher versions."}], "value": "Update to\u00a03.2.5 or a higher versions."}], "source": {"discovery": "EXTERNAL"}, "title": "Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T15:47:26.011519Z", "id": "CVE-2023-34370", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T21:07:39.515Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:10:06.781Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:10:06.781Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-19T15:47:26.011519Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T15:47:45.664Z"}}], "cna": {"title": "Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Rafie Muhammad (Patchstack)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brainstorm Force", "product": "Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates", "versions": [{"status": "affected", "changes": [{"at": "3.2.5", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "3.2.4"}], "packageName": "astra-sites", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}, {"vendor": "Brainstorm Force", "product": "Premium Starter Templates", "versions": [{"status": "affected", "changes": [{"at": "3.2.5", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "3.2.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to\u00a03.2.5 or a higher versions.", "supportingMedia": [{"type": "text/html", "value": "Update to 3.2.5 or a higher versions.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}, {"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.\n\n", "supportingMedia": [{"type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.<p>This issue affects Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-03-28T06:07:31.872Z"}}}, "cveMetadata": {"cveId": "CVE-2023-34370", "state": "PUBLISHED", "dateUpdated": "2024-08-02T16:10:06.781Z", "dateReserved": "2023-06-02T15:45:18.619Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-03-28T06:07:31.872Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4."}, {"lang": "es", "value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates. Este problema afecta a Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: desde n/a hasta 3.2. 4; Premium Starter Templates: desde n/a hasta 3.2.4."}], "id": "CVE-2023-34370", "lastModified": "2026-04-28T19:20:44.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-03-28T06:15:07.717", "references": [{"source": "[email protected]", "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}, {"source": "[email protected]", "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Secondary"}]}