Vulnerabilities > Envato

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-21	CVE-2024-37550	Cross-site Scripting vulnerability in Envato Template KIT - Export Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS.This issue affects Template Kit – Export: from n/a through 1.0.22. network low complexity envato CWE-79	4.8
2023-03-07	CVE-2021-4330	Unspecified vulnerability in Envato Elements and Template KIT - Import The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. network low complexity envato	8.8
2013-09-30	CVE-2013-5962	Unspecified vulnerability in Envato Complete Gallery Manager Plugin Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/. network high complexity envato	5.1

Vulnerabilities > Envato {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Envato"}]}