CVE-2025-32241

{"id": "CVE-2025-32241", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-04-04T16:15:33.530", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/cleverreach-wc/vulnerability/wordpress-official-cleverreach-woocommerce-integration-plugin-3-4-3-csrf-to-settings-change-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in CleverReach\u00ae Official CleverReach Plugin for WooCommerce allows Cross Site Request Forgery. This issue affects Official CleverReach Plugin for WooCommerce: from n/a through 3.4.3."}, {"lang": "es", "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en CleverReach\u00ae Official CleverReach Plugin for WooCommerce permite Cross Site Request Forgery. Este problema afecta al plugin oficial de CleverReach para WooCommerce desde la versi\u00f3n n/d hasta la 3.4.3."}], "lastModified": "2025-04-07T14:18:15.560", "sourceIdentifier": "audit@patchstack.com"}