Description
Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80.
Published: 2026-03-13
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Request Forgery leading to unauthorized actions
Action: Apply Patch
AI Analysis

Impact

The CVE identifies a Cross‑Site Request Forgery (CSRF) vulnerability in the WordPress Easy Table of Contents plugin from the publisher Magazine3. The flaw allows an attacker to send requests on behalf of an authenticated user that the plugin accepts without additional validation. This weakness is classified under CWE‑352. The official description does not specify which plugin functions could be abused, only that arbitrary requests are possible.

Affected Systems

The affected product is the Magazine3 Easy Table of Contents plugin for WordPress. All releases from the earliest available version (designated as n/a) through and including version 2.0.80 are vulnerable. No versions beyond 2.0.80 are listed as affected.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity. EPSS is under 1%, implying a low probability of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting it has not been widely leveraged in the wild. Based on the description, the likely attack vector is web‑based; an attacker would need to target a user who is authenticated to the site and craft a malicious request that the plugin processes as if it came from the authenticated user. No specific exploitation conditions beyond the need for an authenticated session are provided, so the risk is assessed as moderate with a low likelihood of exploitation.

Generated by OpenCVE AI on March 19, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Easy Table of Contents plugin to a version newer than 2.0.80.
  • If an upgrade is not possible immediately, restrict access to the plugin’s administrative interface to trusted users and monitor for unauthorized activity.
  • Check the publisher’s website or the plugin repository for any available patches or updates.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Magazine3; Magazine3 easy Table Of Contents; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Magazine3; Magazine3 easy Table Of Contents; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 21:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 12:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80.

Type: Title
Values Removed: (none)
Values Added: WordPress Easy Table of Contents plugin <= 2.0.80 - Cross Site Request Forgery (CSRF) vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-352

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:55.735Z

Reserved: 2026-03-12T11:10:35.809Z

Link: CVE-2026-32343

Vulnrichment

Updated: 2026-03-13T20:15:04.552Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:45.517

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32343

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:59:12Z

Weaknesses