CVE-2026-25014 MEDIUM

CVE-2026-25014: WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Vendor Themelooks

Product Enter Addons

Weakness CWE-352 · CSRF

Published February 3, 2026

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.

Explanation of Vulnerability in Simple Terms

02Summary

Enter Addons for themelooks is vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability affects all versions up to and including 2.3.2. Site owners should update to a version newer than 2.3.2 when available.

What an attacker can do

03Attacker Capabilities

Perform unwanted actions on the site by tricking an admin into visiting a malicious webpage.

Potential impact on your site

04Site Impact

An attacker can modify site settings or content if they trick an admin into clicking a malicious link.

Conditions required to exploit

05Prerequisites

A logged-in site administrator must visit a webpage controlled by the attacker.

Key dates

06Disclosure timeline

February 3, 2026 CVE published

April 28, 2026 Record updated

External resources

07References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-25014 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities