Skip to main content

CVE-2026-25014

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-02-03 audit@patchstack.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 03, 2026 - 15:16 nvd
MEDIUM 4.3

DescriptionCVE.org

Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.

AnalysisAI

Unauthenticated attackers can perform Cross-Site Request Forgery (CSRF) attacks against users of Enter Addons version 2.3.2 and earlier, potentially modifying victim data through unwanted actions. The vulnerability requires user interaction to succeed but carries no authentication barriers, allowing attackers to forge requests that alter application state. No patch is currently available to remediate this issue.

Technical ContextAI

Classified as CWE-352 (Cross-Site Request Forgery (CSRF)). Affects themelooks Enter Addons enteraddons. Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.

Affected ProductsAI

Product: themelooks Enter Addons enteraddons.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-25014 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy