Cross-Site Request Forgery Vulnerability in WPDM – Premium Packages by WordPress
CVE-2025-54732

4.3 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 14 August 2025

What is CVE-2025-54732?

The Shahjada WPDM – Premium Packages plugin is vulnerable to Cross-Site Request Forgery (CSRF). The flaw lets an attacker abuse the trust relationship between a user and the application, potentially executing unintended actions on the user's behalf. The issue affects all versions up to and including 6.0.2; users should update their installations to prevent unauthorized actions.

Affected Version(s)

WPDM – Premium Packages <= 6.0.2

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika (Patchstack Alliance)