{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32261", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-04T10:02:14.481Z", "datePublished": "2025-04-04T15:59:31.894Z", "dateUpdated": "2025-04-08T18:36:27.884Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-04T15:59:31.894Z"}, "title": "WordPress Advanced All in One Admin Search by WP Spotlight <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"vendor": "Kuppuraj", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-spotlight-search", "product": "Advanced All in One Admin Search by WP Spotlight", "versions": [{"lessThanOrEqual": "1.1.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery.</p><p>This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/wp-spotlight-search/vulnerability/wordpress-advanced-all-in-one-admin-search-by-wp-spotlight-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "version": "3.1"}}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T18:36:12.947408Z", "id": "CVE-2025-32261", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T18:36:27.884Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32261", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T18:36:12.947408Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T18:36:20.604Z"}}], "cna": {"title": "WordPress Advanced All in One Admin Search by WP Spotlight <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Kuppuraj", "product": "Advanced All in One Admin Search by WP Spotlight", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.1.1"}], "packageName": "wp-spotlight-search", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wp-spotlight-search/vulnerability/wordpress-advanced-all-in-one-admin-search-by-wp-spotlight-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1.", "supportingMedia": [{"type": "text/html", "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery.</p><p>This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-04T15:59:31.894Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32261", "state": "PUBLISHED", "dateUpdated": "2025-04-08T18:36:27.884Z", "dateReserved": "2025-04-04T10:02:14.481Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-04-04T15:59:31.894Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1."}, {"lang": "es", "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Kuppuraj Advanced All in One Admin Search de WP Spotlight permite Cross Site Request Forgery. Este problema afecta a Advanced All in One Admin Search de WP Spotlight desde n/d hasta la versi\u00f3n 1.1.1."}], "id": "CVE-2025-32261", "lastModified": "2025-04-07T14:18:15.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-04-04T16:15:36.720", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/wp-spotlight-search/vulnerability/wordpress-advanced-all-in-one-admin-search-by-wp-spotlight-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{}