Enfold Security Vulnerabilities and Issues — Enfold CVE List

Lucene search

KriesiEnfold

3 matches found

CVE•added 2021/10/11 11:15 a.m.•63 views

CVE-2021-24719

The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder.

6.1CVSS5.9AI score0.00717EPSS

CVE•added 2025/02/25 10:15 a.m.•58 views

CVE-2024-13695

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originat...

6.4CVSS6.6AI score0.00043EPSS

CVE•added 2024/08/30 4:15 a.m.•44 views

CVE-2024-5061

The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS5.6AI score0.00064EPSS