Vulnerabilities > Envothemes > Envo Extra > 1.8.22
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-09 | CVE-2024-10770 | Authorization Bypass Through User-Controlled Key vulnerability in Envothemes Envo Extra The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-06-07 | CVE-2024-5645 | Cross-site Scripting vulnerability in Envothemes Envo Extra The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. | 5.4 |