Medium severity4.3NVD Advisory· Published Jul 12, 2023· Updated Apr 8, 2026
CVE-2021-4413
CVE-2021-4413
Description
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected products
2cpe:2.3:a:coolplugins:process_steps_template_designer:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:coolplugins:process_steps_template_designer:*:*:*:*:*:wordpress:*:*range: <=1.2.1
- (no CPE)range: <=1.2.1
Patches
Vulnerability mechanics
References
9- plugins.trac.wordpress.org/changesetnvdPatch
- blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/nvdThird Party Advisory
- blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/nvdThird Party Advisory
- blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/nvdThird Party Advisory
- blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/nvdThird Party Advisory
- blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/nvdThird Party Advisory
- blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/nvdThird Party Advisory
- blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/a98f6a68-5863-4147-86c4-8c19af469be3nvdThird Party Advisory
News mentions
0No linked articles in our index yet.