CVE-2021-4413

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Configurations

Configuration 1 (hide)

cpe:2.3:a:coolplugins:process_steps_template_designer:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 03:40

Type Values Removed Values Added
CWE CWE-352

18 Jul 2023, 18:39

Type Values Removed Values Added
First Time Coolplugins process Steps Template Designer
Coolplugins
CPE cpe:2.3:a:coolplugins:process_steps_template_designer:*:*:*:*:*:wordpress:*:*
References (MISC) https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ - (MISC) https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ - Third Party Advisory
References (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ - (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ - Third Party Advisory
References (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ - (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ - Third Party Advisory
References (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2473649%40process-steps-template-designer&new=2473649%40process-steps-template-designer&sfp_email=&sfph_mail= - (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2473649%40process-steps-template-designer&new=2473649%40process-steps-template-designer&sfp_email=&sfph_mail= - Patch
References (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ - (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ - Third Party Advisory
References (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ - (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ - Third Party Advisory
References (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ - (MISC) https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ - Third Party Advisory
References (MISC) https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ - (MISC) https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ - Third Party Advisory
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/a98f6a68-5863-4147-86c4-8c19af469be3?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/a98f6a68-5863-4147-86c4-8c19af469be3?source=cve - Third Party Advisory

12 Jul 2023, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-12 04:15

Updated : 2024-02-28 20:13


NVD link : CVE-2021-4413

Mitre link : CVE-2021-4413

CVE.ORG link : CVE-2021-4413


JSON object : View

Products Affected

coolplugins

  • process_steps_template_designer
CWE

No CWE.