CVE-2024-32112 MEDIUM

CVE-2024-32112: WordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Vendor Leadinfo

Product Leadinfo

Weakness CWE-352 · CSRF

Published April 11, 2024

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0.

Key dates

02Disclosure timeline

April 11, 2024 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-32112 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2026-32328 WordPress Lemmony theme < 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-31688 Configuration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017 CVE-2025-55057 CVE-2023-47781 WordPress Thrive Theme Builder Theme < 3.24.2 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-53332 WordPress Track Everything plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) Vulnerability