Platform: wordpress
Component: corpiva
Fixed in: 1.0.97
CVE-2026-32344 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Corpiva WordPress plugin. A CSRF attack allows an attacker to trick a user into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions within the plugin's functionality. This vulnerability impacts versions of Corpiva from 0.0.0 up to and including 1.0.96. A patch is available in version 1.0.97.
The primary impact of this CSRF vulnerability lies in the potential for unauthorized actions within the Corpiva plugin. An attacker could craft malicious links or embed them in websites or emails, enticing authenticated users of the plugin to click them. Upon clicking, the attacker could execute actions as the user, such as modifying plugin settings, deleting data, or potentially gaining access to sensitive information managed by the plugin. The blast radius depends on the plugin's functionality and the permissions granted to affected users. If the plugin handles critical data or integrates with other systems, the impact could be significant.
CVE-2026-32344 was publicly disclosed on 2026-03-13. There are currently no known public proof-of-concept exploits available. The vulnerability's severity is assessed as MEDIUM (4.3 CVSS). It is not currently listed on the CISA KEV catalog. Active exploitation is not confirmed at this time.
Websites utilizing the Corpiva WordPress plugin, particularly those with user accounts and sensitive data managed through the plugin, are at risk. Shared hosting environments where multiple websites share the same server resources are also at greater risk, as a compromise of one site could affect others.
• wordpress / composer / npm:
grep -r 'corpiva/corpiva' /var/www/html/
wp plugin list | grep corpiva
• generic web:
curl -I "https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=corpiva_some_function&some_param=some_value"
Disclosure
Exploit status
EPSS
0.02% (3rd percentile)
CVSS vector
The primary mitigation for CVE-2026-32344 is to immediately upgrade the Corpiva plugin to version 1.0.97 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. These rules can help detect and block malicious requests. Additionally, carefully review and restrict user permissions within the Corpiva plugin to limit the potential impact of a successful CSRF attack. After upgrading, verify the fix by attempting to trigger a CSRF attack using a known payload and confirming that the action is blocked.
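To make the mitigation concrete, the following added example (not Corpiva's code; all function, action and option names are hypothetical placeholders) shows the generic WordPress pattern behind a CSRF flaw of this class: an admin-ajax.php handler that trusts any logged-in request, beside the hardened form that binds the request to a per-user nonce and a capability check.

```php
<?php
/**
 * Added illustration for CVE-2026-32344's vulnerability class. This is NOT the
 * Corpiva plugin's code; handler, option and action names are placeholders.
 */

// BEFORE: reachable via admin-ajax.php and only checks that a user is logged in.
// A page the victim visits elsewhere can submit this request cross-site, and the
// browser attaches the WordPress login cookie, so the change runs as the victim.
function example_save_settings_vulnerable() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    update_option( 'example_setting', sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) ) );
    wp_send_json_success();
}

// AFTER: require a nonce tied to this user and this action, then require a
// capability rather than mere authentication.
function example_save_settings_fixed() {
    // Verifies $_REQUEST['_ajax_nonce'] against the action 'example_save_settings';
    // with the default third argument it terminates the request with -1 on failure.
    check_ajax_referer( 'example_save_settings', '_ajax_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    update_option( 'example_setting', sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_fixed' );

// The plugin's own admin page issues the nonce to its JavaScript; a cross-site
// page cannot read this value, so forged requests fail the check above.
function example_enqueue_admin_script() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
```

When verifying the fix after upgrading, a request to the plugin's AJAX action without a valid nonce should be rejected rather than processed.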
Update to version 1.0.97, or a newer patched version
CVE-2026-32344 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Corpiva WordPress plugin, versions 0.0.0 through 1.0.96, allowing attackers to perform unauthorized actions.
You are affected if you are using Corpiva WordPress plugin versions 0.0.0 through 1.0.96. Upgrade to 1.0.97 or later to mitigate the risk.
Upgrade the Corpiva plugin to version 1.0.97 or later. Consider implementing a WAF with CSRF protection as an interim measure.
Active exploitation is not currently confirmed, but it's crucial to apply the patch promptly to prevent potential attacks.
Refer to the desertthemes Corpiva plugin documentation and website for the official advisory and update information.