CVE-2021-4414: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2021-4414 affects multiple WordPress plugins, including the Abandoned Cart Lite for WooCommerce plugin, up to and including version 5.8.5. This Cross-Site Request Forgery (CSRF) vulnerability was discovered by Jerome Bruandet of NinTechNet and was publicly disclosed on March 1, 2021 (WPScan).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue where affected plugins did not properly check for CSRF nonces, allowing attackers to make logged-in users perform unwanted actions through crafted requests that bypass the nonce parameter verification. The vulnerability has been assigned a CVSS score of 4.3 (Medium) severity (Wordfence).

The vulnerability could allow attackers to trick authenticated users into performing unintended actions on the affected WordPress installations without their knowledge or consent. This affects multiple popular plugins including forminator, dokan-lite, defender-security, woocommerce-abandoned-cart, analogwp-templates, erp, wedevs-project-manager, and wp-travel (WPScan).

The vulnerability has been fixed in subsequent versions of the affected plugins. Users should upgrade to the following versions: forminator (1.14.8.1), dokan-lite (3.2.1), defender-security (2.4.6.1), woocommerce-abandoned-cart (5.8.6), analogwp-templates (1.8.1), erp (1.7.5), wedevs-project-manager (2.4.10), and wp-travel (4.4.7) (WPScan).