CVE-2026-25014
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.
AnalysisAI
Unauthenticated attackers can perform Cross-Site Request Forgery (CSRF) attacks against users of Enter Addons version 2.3.2 and earlier, potentially modifying victim data through unwanted actions. The vulnerability requires user interaction to succeed but carries no authentication barriers, allowing attackers to forge requests that alter application state. No patch is currently available to remediate this issue.
Technical ContextAI
Classified as CWE-352 (Cross-Site Request Forgery (CSRF)). Affects themelooks Enter Addons enteraddons. Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.
Affected ProductsAI
Product: themelooks Enter Addons enteraddons.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today