CVE-2021-4401
The CVE pertains to the WordPress Style Kits plugin, affected versions up to and including 1.8.0. The root cause is missing or incorrect nonce validation in the update_posts_stylekit() function, enabling Cross‑Site Request Forgery (CSRF). This allows unauthenticated attackers to update style kits...