Unrestricted Zip AI token overwrite via GET parameters (missing nonce)

The Starter Templates (Astra Sites) plugin saved Zip AI auth tokens (token, credit_token, email) from URL query parameters when an admin visited the Starter Templates page (themes.php?page=starter-templates). The handler did not check a nonce or other CSRF protection. An attacker could send a logged-in admin a link containing crafted token, credit_token, and email values; if the admin opened it, the plugin would overwrite the site’s Zip AI settings with the attacker’s values, leading to authentication takeover or abuse of the Zip AI integration.

This vulnerability affects the following application versions:

• Starter Templates – AI-Powered Templates 0.4.4.0
• Starter Templates – AI-Powered Templates 4.0.0
• Starter Templates – AI-Powered Templates 4.0.1
• Starter Templates – AI-Powered Templates 4.0.2
• Starter Templates – AI-Powered Templates 4.0.3
• Starter Templates – AI-Powered Templates 4.0.4
• Starter Templates – AI-Powered Templates 4.0.5
• Starter Templates – AI-Powered Templates 4.0.6
• Starter Templates – AI-Powered Templates 4.0.7
• Starter Templates – AI-Powered Templates 4.0.8
• Starter Templates – AI-Powered Templates 4.0.9
• Starter Templates – AI-Powered Templates 4.0.10
• Starter Templates – AI-Powered Templates 4.0.11
• Starter Templates – AI-Powered Templates 4.0.12
• Starter Templates – AI-Powered Templates 4.0.13
• Starter Templates – AI-Powered Templates 4.1.0
• Starter Templates – AI-Powered Templates 4.1.1
• Starter Templates – AI-Powered Templates 4.1.2
• Starter Templates – AI-Powered Templates 4.1.3
• Starter Templates – AI-Powered Templates 4.1.4
• Starter Templates – AI-Powered Templates 4.1.5
• Starter Templates – AI-Powered Templates 4.1.6
• Starter Templates – AI-Powered Templates 4.1.7
• Starter Templates – AI-Powered Templates 4.2.0
• Starter Templates – AI-Powered Templates 4.2.1
• Starter Templates – AI-Powered Templates 4.2.2
• Starter Templates – AI-Powered Templates 4.2.3
• Starter Templates – AI-Powered Templates 4.2.4
• Starter Templates – AI-Powered Templates 4.2.5
• Starter Templates – AI-Powered Templates 4.2.6
• Starter Templates – AI-Powered Templates 4.3.0
• Starter Templates – AI-Powered Templates 4.3.1
• Starter Templates – AI-Powered Templates 4.3.2
• Starter Templates – AI-Powered Templates 4.3.3
• Starter Templates – AI-Powered Templates 4.3.4
• Starter Templates – AI-Powered Templates 4.3.5
• Starter Templates – AI-Powered Templates 4.3.6
• Starter Templates – AI-Powered Templates 4.3.7
• Starter Templates – AI-Powered Templates 4.3.8
• Starter Templates – AI-Powered Templates 4.3.9
• Starter Templates – AI-Powered Templates 4.4.0
• Starter Templates – AI-Powered Templates 4.4.1
• Starter Templates – AI-Powered Templates 4.4.2
• Starter Templates – AI-Powered Templates 4.4.3
• Starter Templates – AI-Powered Templates 4.4.4
• Starter Templates – AI-Powered Templates 4.4.5
• Starter Templates – AI-Powered Templates 4.4.6
• Starter Templates – AI-Powered Templates 4.4.7
• Starter Templates – AI-Powered Templates 4.4.8
• Starter Templates – AI-Powered Templates 4.4.9