Vulnerabilities > Envothemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-09 | CVE-2024-10770 | Authorization Bypass Through User-Controlled Key vulnerability in Envothemes Envo Extra The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-10-28 | CVE-2024-50447 | Cross-site Scripting vulnerability in Envothemes Envo'S Elementor Templates & Widgets for Woocommerce Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.19. | 5.4 |
| 2024-06-07 | CVE-2024-5645 | Cross-site Scripting vulnerability in Envothemes Envo Extra The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-16 | CVE-2024-4385 | Cross-site Scripting vulnerability in Envothemes Envo Extra The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. | 5.4 |