{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32343", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:10:35.809Z", "datePublished": "2026-03-13T11:41:57.540Z", "dateUpdated": "2026-04-29T09:51:57.680Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "easy-table-of-contents", "product": "Easy Table of Contents", "vendor": "Magazine3", "versions": [{"changes": [{"at": "2.0.81", "status": "unaffected"}], "lessThanOrEqual": "2.0.80", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mike Montoya | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:38.156Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.<p>This issue affects Easy Table of Contents: from n/a through <= 2.0.80.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through <= 2.0.80."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:57.680Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/easy-table-of-contents/vulnerability/wordpress-easy-table-of-contents-plugin-2-0-80-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "title": "WordPress Easy Table of Contents plugin <= 2.0.80 - Cross Site Request Forgery (CSRF) vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T20:15:46.489627Z", "id": "CVE-2026-32343", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T20:16:09.251Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32343", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T20:15:46.489627Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T20:15:04.552Z"}}], "cna": {"title": "WordPress Easy Table of Contents plugin <= 2.0.80 - Cross Site Request Forgery (CSRF) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Mike Montoya | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "affected": [{"vendor": "Magazine3", "product": "Easy Table of Contents", "versions": [{"status": "affected", "changes": [{"at": "2.0.81", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 2.0.80"}], "packageName": "easy-table-of-contents", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-13T12:41:17.139Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/easy-table-of-contents/vulnerability/wordpress-easy-table-of-contents-plugin-2-0-80-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through <= 2.0.80.", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.<p>This issue affects Easy Table of Contents: from n/a through <= 2.0.80.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:41:57.540Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32343", "state": "PUBLISHED", "dateUpdated": "2026-03-13T20:16:09.251Z", "dateReserved": "2026-03-12T11:10:35.809Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:41:57.540Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through <= 2.0.80."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Magazine3 Easy Table of Contents easy-table-of-contents permite la falsificaci\u00f3n de petici\u00f3n en sitios cruzados. Este problema afecta a Easy Table of Contents: desde n/a hasta &lt;= 2.0.80."}], "id": "CVE-2026-32343", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:45.517", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/easy-table-of-contents/vulnerability/wordpress-easy-table-of-contents-plugin-2-0-80-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.80]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[2.0.81,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Easy Table of Contents", "source": "cna", "vendor": "Magazine3"}, "product": "easy_table_of_contents", "vendor": "magazine3"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T15:50:53.031633+00:00", "value": {"mitigation_remediation": ["Upgrade Easy Table of Contents plugin to a version newer than 2.0.80.", "If an upgrade is not possible immediately, restrict access to the plugin\u2019s administrative interface to trusted users and monitor for unauthorized activity.", "Check the publisher\u2019s website or the plugin repository for any available patches or updates."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery leading to unauthorized actions"}, "threat_synthesis": {"affected_systems": "The affected product is the Magazine3 Easy Table of Contents plugin for WordPress. All releases from the earliest available version (designated as n/a) through and including version 2.0.80 are vulnerable. No versions beyond 2.0.80 are listed as affected.", "description_and_impact": "The CVE identifies a Cross\u2011Site Request Forgery (CSRF) vulnerability in the WordPress Easy Table of Contents plugin from Publisher Magazine3. The flaw allows an attacker to send requests on behalf of an authenticated user that the plugin accepts without additional validation. This weakness is classified under CWE\u2011352. The official description does not specify which plugin functions could be abused, only that arbitrary requests are possible.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity. EPSS is under 1%, implying a low probability of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting it has not been widely leveraged in the wild. Based on the description, the likely attack vector is web\u2011based; an attacker would need to target a user who is authenticated to the site and craft a malicious request that the plugin processes as if it came from the authenticated user. No specific exploitation conditions beyond the need for an authenticated session are provided, so the risk is assessed as moderate with a low likelihood of exploitation."}}}}, "created": "2026-03-16T09:37:24.982887+00:00", "updated": "2026-03-23T09:59:12.418813+00:00", "vendors": ["magazine3", "magazine3$PRODUCT$easy_table_of_contents", "wordpress", "wordpress$PRODUCT$wordpress"]}