CVE-2021-4413: CSRF
First published: Wed Jul 12 2023(Updated: )
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Coolplugins Process Steps Template Designer | <=1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
- https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2473649%40process-steps-template-designer&new=2473649%40process-steps-template-designer&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a98f6a68-5863-4147-86c4-8c19af469be3?source=cve
Frequently Asked Questions
What is the severity of CVE-2021-4413?
The severity of CVE-2021-4413 is considered important due to its potential impact on the security of WordPress sites.
How do I fix CVE-2021-4413?
To fix CVE-2021-4413, you should update the Process Steps Template Designer plugin to version 1.2.2 or later.
Who is affected by CVE-2021-4413?
CVE-2021-4413 affects users of the Process Steps Template Designer plugin for WordPress running versions up to and including 1.2.1.
What type of vulnerability is CVE-2021-4413?
CVE-2021-4413 is a Cross-Site Request Forgery vulnerability that allows unauthenticated attackers to perform actions on behalf of users.
Can I exploit CVE-2021-4413 if I'm authenticated?
No, CVE-2021-4413 specifically allows unauthenticated attackers to exploit the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-latest
- agent/author
- vendor/coolplugins
- canonical/coolplugins process steps template designer
- version/coolplugins process steps template designer/1.2.1