Browse all 8 CVE security advisories affecting Toast Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Toast Plugins provides point-of-sale (POS) systems and payment processing solutions for restaurants. Historically, these plugins have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often due to insufficient input validation and improper access controls. The 8 recorded CVEs highlight ongoing security challenges, with several allowing attackers to execute arbitrary code or bypass authentication. While no major public incidents have been widely reported, the consistent discovery of vulnerabilities suggests a need for enhanced security practices in their plugin ecosystem, particularly for web-facing components that handle sensitive payment data and customer information.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54039 | WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability — AnimatorCWE-352 | 4.3 | Medium | 2025-07-16 |
| CVE-2023-47689 | WordPress Animator plugin <= 3.0.10 - Unauthenticated Plugin Settings Change Vulnerability — AnimatorCWE-862 | 6.5 | Medium | 2025-01-02 |
| CVE-2024-49308 | WordPress Animator – Scroll Triggered Animations plugin <= 3.0.15 - Reflected Cross Site Scripting (XSS) vulnerability — AnimatorCWE-79 | 7.1 | High | 2024-10-17 |
This page lists every published CVE security advisory associated with Toast Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.