3 matches found
CVE-2021-4401
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
CVE-2021-4401
The CVE pertains to the WordPress Style Kits plugin, affected versions up to and including 1.8.0. The root cause is missing or incorrect nonce validation in the update_posts_stylekit() function, enabling Cross‑Site Request Forgery (CSRF). This allows unauthenticated attackers to update style kits...
CVE-2021-4401 Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...