This vulnerability is a Cross-Site Request Forgery (CSRF) issue in desertthemes Corpiva affecting versions up to 1.0.96. CSRF vulnerabilities allow attackers to induce authenticated users to perform unwanted actions without their consent. The CVSS vector indicates the attack can be performed remotely over the network with low attack complexity and no privileges required, but requires user interaction. The impact is limited to integrity with no confidentiality or availability impact. No patch or vendor advisory is provided, and no known exploits exist in the wild. The product is not cloud-hosted, so remediation responsibility lies with the user or vendor.

The impact is limited to integrity, meaning an attacker could cause unauthorized changes or actions via CSRF if a user is tricked into interacting with a malicious site. There is no impact on confidentiality or availability. The vulnerability requires user interaction and no privileges, making it moderately risky but not critical. No known exploitation in the wild has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. In the meantime, applying standard CSRF mitigations such as verifying anti-CSRF tokens in requests or restricting sensitive actions to POST requests with proper validation may reduce risk. However, do not assume these mitigations are sufficient without vendor confirmation.