Vulnerabilities > Envothemes > Envo Extra

DATE CVE VULNERABILITY TITLE RISK
2024-11-09 CVE-2024-10770 Authorization Bypass Through User-Controlled Key vulnerability in Envothemes Envo Extra
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
envothemes CWE-639
4.3
4.3
2024-06-07 CVE-2024-5645 Cross-site Scripting vulnerability in Envothemes Envo Extra
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping.
network
low complexity
envothemes CWE-79
5.4
5.4
2024-05-16 CVE-2024-4385 Cross-site Scripting vulnerability in Envothemes Envo Extra
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping.
network
low complexity
envothemes CWE-79
5.4
5.4
2024-04-17 CVE-2024-32456 Unspecified vulnerability in Envothemes Envo Extra
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS.This issue affects Envo Extra: from n/a through 1.8.11.
network
low complexity
envothemes
5.4
5.4