{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32112", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-04-10T19:19:25.420Z", "datePublished": "2024-04-11T12:01:39.193Z", "dateUpdated": "2024-08-08T16:12:18.358Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "leadinfo", "product": "Leadinfo", "vendor": "Leadinfo", "versions": [{"lessThanOrEqual": "1.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Xuan Chien (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.<p>This issue affects Leadinfo: from n/a through 1.0.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-11T12:01:39.193Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/leadinfo/wordpress-leadinfo-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2023-11-27T11:48:00.000Z", "value": "Vendor notified about the vulnerability."}, {"lang": "en", "time": "2024-03-07T11:51:00.000Z", "value": "The patch was released under the same version that was reported as vulnerable."}, {"lang": "en", "time": "2024-03-20T12:59:00.000Z", "value": "Vendor notified about the issue with patch version number."}], "title": "WordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:43.702Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/leadinfo/wordpress-leadinfo-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T16:02:17.593044Z", "id": "CVE-2024-32112", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T16:12:18.358Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/leadinfo/wordpress-leadinfo-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:43.702Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-08T16:02:17.593044Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T16:02:19.871Z"}}], "cna": {"title": "WordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Xuan Chien (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Leadinfo", "product": "Leadinfo", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.0"}], "packageName": "leadinfo", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-11-27T11:48:00.000Z", "value": "Vendor notified about the vulnerability."}, {"lang": "en", "time": "2024-03-07T11:51:00.000Z", "value": "The patch was released under the same version that was reported as vulnerable."}, {"lang": "en", "time": "2024-03-20T12:59:00.000Z", "value": "Vendor notified about the issue with patch version number."}], "references": [{"url": "https://patchstack.com/database/vulnerability/leadinfo/wordpress-leadinfo-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0.\n\n", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.<p>This issue affects Leadinfo: from n/a through 1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-11T12:01:39.193Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32112", "state": "PUBLISHED", "dateUpdated": "2024-08-08T16:12:18.358Z", "dateReserved": "2024-04-10T19:19:25.420Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-04-11T12:01:39.193Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Leadinfo leadinfo. El parche se lanz\u00f3 con la misma versi\u00f3n que se inform\u00f3 como vulnerable. Consideramos que la versi\u00f3n actual es vulnerable. Este problema afecta a Leadinfo: desde n/a hasta 1.0."}], "id": "CVE-2024-32112", "lastModified": "2024-11-21T09:14:29.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-04-11T12:15:08.070", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/vulnerability/leadinfo/wordpress-leadinfo-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/database/vulnerability/leadinfo/wordpress-leadinfo-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}