CVE-2024-32112

MEDIUM

Leadinfo <= 1.0 - Cross-Site Request Forgery

Title source: llm

Description

Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/leadinfo/wordpress-leadinfo-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Scores

CVSS v3 4.3

EPSS 0.0019

EPSS Percentile 8.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

Leadinfo/Leadinfo < 1.0

Published Apr 11, 2024

Tracked Since Feb 18, 2026