{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32267", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-04T10:02:22.506Z", "datePublished": "2025-04-04T15:59:41.905Z", "dateUpdated": "2025-04-04T19:59:42.849Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-04T15:59:41.905Z"}, "title": "WordPress WP to Hootsuite plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"vendor": "wpzinc", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-to-hootsuite", "product": "Post to Social Media \u2013 WordPress to Hootsuite", "versions": [{"lessThanOrEqual": "1.5.8", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "1.6.0", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media \u2013 WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media \u2013 WordPress to Hootsuite: from n/a through 1.5.8.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media \u2013 WordPress to Hootsuite allows Cross Site Request Forgery.</p><p>This issue affects Post to Social Media \u2013 WordPress to Hootsuite: from n/a through 1.5.8.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/wp-to-hootsuite/vulnerability/wordpress-wp-to-hootsuite-plugin-1-5-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Post to Social Media \u2013 WordPress to Hootsuite wordpress plugin to the latest available version (at least 1.6.0)."}], "value": "Update the WordPress Post to Social Media \u2013 WordPress to Hootsuite wordpress plugin to the latest available version (at least 1.6.0)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nabil Irawan (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-04T19:59:19.827040Z", "id": "CVE-2025-32267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T19:59:42.849Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32267", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-04T10:02:22.506Z", "datePublished": "2025-04-04T15:59:41.905Z", "dateUpdated": "2025-04-04T19:59:42.849Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-04T15:59:41.905Z"}, "title": "WordPress WP to Hootsuite plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"vendor": "wpzinc", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-to-hootsuite", "product": "Post to Social Media \u2013 WordPress to Hootsuite", "versions": [{"lessThanOrEqual": "1.5.8", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "1.6.0", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media \u2013 WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media \u2013 WordPress to Hootsuite: from n/a through 1.5.8.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media \u2013 WordPress to Hootsuite allows Cross Site Request Forgery.</p><p>This issue affects Post to Social Media \u2013 WordPress to Hootsuite: from n/a through 1.5.8.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/wp-to-hootsuite/vulnerability/wordpress-wp-to-hootsuite-plugin-1-5-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Post to Social Media \u2013 WordPress to Hootsuite wordpress plugin to the latest available version (at least 1.6.0)."}], "value": "Update the WordPress Post to Social Media \u2013 WordPress to Hootsuite wordpress plugin to the latest available version (at least 1.6.0)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nabil Irawan (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-04T19:59:19.827040Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T19:59:30.869Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media \u2013 WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media \u2013 WordPress to Hootsuite: from n/a through 1.5.8."}, {"lang": "es", "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en wpzinc Post to Social Media \u2013 WordPress to Hootsuite permite Cross Site Request Forgery. Este problema afecta a \"Publicaciones en redes sociales (de WordPress a Hootsuite) desde n/d hasta la versi\u00f3n 1.5.8."}], "id": "CVE-2025-32267", "lastModified": "2025-04-07T14:17:50.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-04-04T16:15:37.713", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/wp-to-hootsuite/vulnerability/wordpress-wp-to-hootsuite-plugin-1-5-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}