Process Steps Template Designer < 1.3 – CSRF to Stored Cross-Site Scripting (XSS) | CVE 2021-4349 | Plugin Vulnerabilities

Description

The plugin did not properly check its CSRF nonce in the Font_Awesome_Field.save() method, which could allow attackers to make logged in users capable of editing posts change the Step Icon of arbitrary Process Steps. Due to the lack of sanitisation of the submitted Step icon value, it could also lead to a Stored XSS issue

Proof of Concept

Submit the request without the fa_field_icon_nonce to bypass the CSRF check

For XSS, fa_field_icon=%22%3e%3cimg%20src%20onerror%3dalert(%2fXSS%2f)%3e

Affects Plugins

process-steps-template-designer

Fixed in 1.3

References

CVE

CVE

URL

https://plugins.trac.wordpress.org/changeset/2473649/

URL

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Submitter

WPScanTeam

Verified

Yes

WPVDB ID

9571540f-19ed-47ca-b9ae-20f2713f7fa4

Timeline

Publicly Published

2021-02-17 (about 5 years ago)

Added

2021-02-17 (about 5 years ago)

Last Updated

2023-07-12 (about 2 years ago)

Other

Published

Title

Published

2023-04-06

Title

WP Fatest Cache < 1.1.3 - Multiple CSRF

Published

2025-03-03

Title

Recapture for WooCommerce < 1.0.44 - Cross-Site Request Forgery to Settings Update

Published

2025-03-11

Title

Frontpage category filter <= 1.0.2 - Cross-Site Request Forgery

Published

2020-09-16

Title

Radio Buttons for Taxonomies < 2.0.6 - Cross-Site Request Forgery

Published

2023-07-24

Title

Perelink Pro <= 2.1.4 - Settings Update via CSRF