All 7 CVE vulnerabilities found in Envo Extra, with AI-generated Chinese analysis, references, and POCs.
Vendor: EnvoThemes
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32386 | WordPress Envo Extra plugin <= 1.9.13 - Broken Access Control vulnerability CWE-862 | 8.1 | - | 2026-03-13 |
| CVE-2025-66066 | WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability CWE-79 | 6.5 | Medium | 2025-11-21 |
| CVE-2025-47471 | WordPress Envo Extra plugin <= 1.9.9 - Broken Access Control Vulnerability CWE-862 | 4.3 | Medium | 2025-05-07 |
| CVE-2024-10770 | Envo Extra <= 1.9.3 - Authenticated (Contributor+) Post Disclosure CWE-639 | 4.3 | Medium | 2024-11-09 |
| CVE-2024-5645 | Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget CWE-79 | 6.4 | Medium | 2024-06-07 |
| CVE-2024-4385 | Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting CWE-79 | 6.4 | Medium | 2024-05-16 |
| CVE-2024-32456 | WordPress Envo Extra plugin <= 1.8.11 - Cross Site Scripting (XSS) vulnerability CWE-79 | 6.5 | Medium | 2024-04-17 |
All 7 known CVE vulnerabilities affecting Envo Extra with full Chinese analysis, references, and POCs where available.