PT-2024-18071 · WordPress · The Starter Templates — Elementor

Lucio Sá · Published 2024-05-09 · Updated 2024-05-14 · CVE-2024-1467

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress, versions up to and including 4.1.6

Description

The issue allows authenticated attackers with contributor-level access and above to perform Server-Side Request Forgery (SSRF) via the ai_api_request() function. This enables them to make web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.

Recommendations

For versions up to and including 4.1.6, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the ai_api_request() function to minimize the risk of exploitation.

Fix

SSRF

Related Identifiers

CVE-2024-1467

Affected Products

The Starter Templates — Elementor