Platform: wordpress
Component: corpiva
Fixed in: 1.0.97
CVE-2026-32344 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Corpiva WordPress plugin. A CSRF attack allows an attacker to trick a user into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions within the plugin's functionality. This vulnerability impacts versions of Corpiva from 0.0.0 up to and including 1.0.96. A patch is available in version 1.0.97.
The primary impact of this CSRF vulnerability lies in the potential for unauthorized actions within the Corpiva plugin. An attacker could craft malicious links or embed them in websites or emails, enticing authenticated users of the plugin to click them. Upon clicking, the attacker could execute actions as the user, such as modifying plugin settings, deleting data, or potentially gaining access to sensitive information managed by the plugin. The blast radius depends on the plugin's functionality and the permissions granted to affected users. If the plugin handles critical data or integrates with other systems, the impact could be significant.
CVE-2026-32344 was publicly disclosed on 2026-03-13. There are currently no known public proof-of-concept exploits. Its severity is rated MEDIUM (CVSS 4.3). It is not currently listed in the CISA KEV catalog, and active exploitation is not confirmed at this time.
EPSS: 0.02% (3rd percentile)
The primary mitigation for CVE-2026-32344 is to immediately upgrade the Corpiva plugin to version 1.0.97 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. These rules can help detect and block malicious requests. Additionally, carefully review and restrict user permissions within the Corpiva plugin to limit the potential impact of a successful CSRF attack. After upgrading, verify the fix by attempting to trigger a CSRF attack using a known payload and confirming that the action is blocked.
Update to version 1.0.97, or a newer patched version
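An added example, not taken from the advisory or from the Corpiva project: a Python check that reads the installed plugin's file header and reports whether its version falls in the affected range (anything below 1.0.97). The `plugins/corpiva` directory name is an assumption based on the component name above.

```python
import re
from pathlib import Path

FIXED = "1.0.97"   # first patched release, per the advisory
SLUG = "corpiva"   # assumption: plugin directory is named after the component

def parse_version(text):
    """'1.0.96' -> (1, 0, 96); None when the string is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_affected(version):
    """True when version < FIXED, compared numerically segment by segment."""
    v, fixed = parse_version(version), parse_version(FIXED)
    if v is None:
        raise ValueError(f"unparseable version: {version!r}")
    width = max(len(v), len(fixed))
    v += (0,) * (width - len(v))
    fixed += (0,) * (width - len(fixed))
    return v < fixed

def header_field(source, name):
    """Read one field from a WordPress file-header comment (first 8 KiB)."""
    pattern = rf"^[ \t/*#@]*{re.escape(name)}:[ \t]*(.+?)[ \t]*$"
    match = re.search(pattern, source[:8192], re.M | re.I)
    return match.group(1) if match else None

def audit(wp_content):
    """Return [(file, version, status)] for plugin headers in plugins/corpiva."""
    results = []
    for path in sorted((Path(wp_content) / "plugins" / SLUG).glob("*.php")):
        source = path.read_text(encoding="utf-8", errors="replace")
        if header_field(source, "Plugin Name") is None:
            continue  # not the plugin's main file
        version = header_field(source, "Version")
        if version is None or parse_version(version) is None:
            status = "unknown"
        else:
            status = "affected" if is_affected(version) else "patched"
        results.append((path.name, version, status))
    return results
```

Call `audit()` with the path to a site's `wp-content` directory; an empty list means no Corpiva plugin header was found there, and `unknown` means the version string needs a manual look.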
CVE-2026-32344 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Corpiva WordPress plugin, versions 0.0.0 through 1.0.96, allowing attackers to perform unauthorized actions.
You are affected if you are using Corpiva WordPress plugin versions 0.0.0 through 1.0.96. Upgrade to 1.0.97 or later to mitigate the risk.
Upgrade the Corpiva plugin to version 1.0.97 or later. Consider implementing a WAF with CSRF protection as an interim measure.
Active exploitation is not currently confirmed, but it's crucial to apply the patch promptly to prevent potential attacks.
Refer to the desertthemes Corpiva plugin documentation and website for the official advisory and update information.