Lucene search
K

95 matches found

NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS0.00223EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 5:35 a.m.6 views

EUVD-2026-41244

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
CVE
CVE
added 2026/07/02 5:35 a.m.13 views

CVE-2026-11600

The CVE-2026-11600 entry concerns Envo’s Templates & Widgets for Elementor and WooCommerce (WordPress). Affected: Tabs and Off Canvas widgets up to version 1.4.26. Root cause: the Tabs widget render() passes a user-controlled template/post ID to Elementor’s get_builder_content_for_display() witho...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.5 views

CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.34 views

CVE-2026-11600 Envo's Templates & Widgets for Elementor and WooCommerce <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure via Envo Tabs Widget 'templates' Setting

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS0.00223EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.6 views

WordPress Envo's Templates & Widgets for Elementor and WooCommerce plugin <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure vulnerability

Missing Authorization to Authenticated Author+ Private Content Disclosure vulnerability discovered by ? in WordPress Plugin Envo's Elementor Templates & Widgets for WooCommerce versions = 1.4.26...

4.3CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.7 views

CVE-2026-32386

Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through = 1.9.13...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11893

Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through = 1.9.13...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32386

Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through = 1.9.13...

5.4CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.12 views

CVE-2026-32386

CVE-2026-32386 relates to a Missing Authorization vulnerability in the WordPress Envo Extra plugin (EnvoThemes) version ≤ 1.9.13. The issue is described as broken access control due to incorrectly configured security levels, potentially enabling unauthorized access or actions within Envo Extra. T...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32386

Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through = 1.9.13...

5.8AI score0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.5 views

CVE-2026-32386 WordPress Envo Extra plugin <= 1.9.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through = 1.9.13...

5.8AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.26 views

CVE-2026-32386 WordPress Envo Extra plugin <= 1.9.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through = 1.9.13...

4.3CVSS0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.9 views

WordPress plugin Envo Extra 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/05 8:51 a.m.8 views

WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Envo Extra versions = 1.9.11...

6.1CVSS5.9AI score0.00167EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/22 12:34 p.m.8 views

CVE-2025-66066

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through = 1.9.11...

6.5CVSS5.9AI score0.00167EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/21 3:31 p.m.4 views

EUVD-2025-198475

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through = 1.9.11...

6.1CVSS5.5AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 1:15 p.m.6 views

CVE-2025-66066

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through = 1.9.11...

6.5CVSS0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/21 12:29 p.m.3 views

CVE-2025-66066 WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through = 1.9.11...

6.5CVSS5.6AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 12:29 p.m.10 views

CVE-2025-66066 WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through = 1.9.11...

6.5CVSS0.00167EPSS
Exploits0References1
Rows per page
Query Builder