CVE-2024-32112

{"id": "CVE-2024-32112", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-04-11T12:15:08.070", "references": [{"url": "https://patchstack.com/database/vulnerability/leadinfo/wordpress-leadinfo-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Leadinfo leadinfo. El parche se lanz\u00f3 con la misma versi\u00f3n que se inform\u00f3 como vulnerable. Consideramos que la versi\u00f3n actual es vulnerable. Este problema afecta a Leadinfo: desde n/a hasta 1.0."}], "lastModified": "2024-04-11T12:47:44.137", "sourceIdentifier": "audit@patchstack.com"}