Description
Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96.
Published: 2026-03-13
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Request Forgery
Action: Apply Patch
AI Analysis

Impact

The vulnerability described in the CVE allows Cross‑Site Request Forgery (CSRF) against the Corpiva WordPress theme. This weakness, identified as CWE‑352, enables an attacker to cause the theme to perform actions on behalf of an authenticated user without that user’s consent. The damage is limited to functions that the authenticated user can normally execute, potentially affecting content integrity and site configuration.

Affected Systems

The affected vendor is desertthemes and the product is the Corpiva WordPress theme. All installations of version 1.0.96 or earlier are vulnerable, while later releases are presumed unaffected.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity, and the EPSS score is below 1%, suggesting a low probability of exploitation in the wild. This vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an authenticated user unknowingly submitting a forged request—this inference is based on the nature of CSRF weaknesses and is not explicitly provided in the CVE data. Successful exploitation would replace or delete content, modify settings, or otherwise alter the site state within the permissions of the user that is coerced into the request.

Generated by OpenCVE AI on March 17, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Corpiva theme to any version newer than 1.0.96 to eliminate the CSRF flaw.

Generated by OpenCVE AI on March 17, 2026 at 17:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Desertthemes
Desertthemes corpiva
Wordpress
Wordpress wordpress
Vendors & Products Desertthemes
Desertthemes corpiva
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96.
Title WordPress Corpiva theme <= 1.0.96 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References

Subscriptions

Desertthemes Corpiva
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:55.905Z

Reserved: 2026-03-12T11:10:35.809Z

Link: CVE-2026-32344

cve-icon Vulnrichment

Updated: 2026-03-17T13:46:03.880Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:45.957

Modified: 2026-03-17T14:16:15.557

Link: CVE-2026-32344

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:11Z

Weaknesses