cleantalk
Vulnerabilities and Security Researches

Style Kits – Advanced Theme Styles for Elementor, CVE-2021-4401

CVE, Research URL

CVE-2021-4401

Home page URL

Security reports for Style Kits – Advanced Theme Styles for Elementor

Application

Style Kits – Advanced Theme Styles for Elementor

Published on
Jul 01, 2023
Research Description
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.8.1.
Status
vulnerable
Previous vulnerability researches
Style Kits – Advanced Theme Styles for Elementor (CVE-2026-6565) , May 28, 2026
Style Kits – Advanced Theme Styles for Elementor (CVE-2021-4401) , Jun 07, 2024
Style Kits – Advanced Theme Styles for Elementor (6a458c9819b8e298c3a10471d934967bc21ed821) , Jun 07, 2024
Style Kits – Advanced Theme Styles for Elementor (CVE-2021-4342) , Jun 07, 2024
New vulnerability
Admin Chat Box (CVE-2026-8787) , May 29, 2026
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab (CVE-2026-25426) , May 29, 2026
Query Shortcode (CVE-2026-9200) , May 29, 2026
Shortcode Buddy (CVE-2026-8897) , May 29, 2026
Adminimize (CVE-2026-49045) , May 29, 2026