Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

EnvoThemes — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting EnvoThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by EnvoThemes:Envo ExtraEnvo's Templates & Widgets for Elementor and WooCommerceEnvo's Elementor Templates & Widgets for WooCommerceEnvo Multipurpose
CVE IDTitleCVSSSeverityPublished
CVE-2026-32386 WordPress Envo Extra plugin <= 1.9.13 - Broken Access Control vulnerability — Envo ExtraCWE-862 8.1 -2026-03-13
CVE-2025-66066 WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability — Envo ExtraCWE-79 6.5 Medium2025-11-21
CVE-2025-47471 WordPress Envo Extra plugin <= 1.9.9 - Broken Access Control Vulnerability — Envo ExtraCWE-862 4.3 Medium2025-05-07
CVE-2025-22770 WordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerability — Envo MultipurposeCWE-862 5.4 Medium2025-03-27
CVE-2024-10770 Envo Extra <= 1.9.3 - Authenticated (Contributor+) Post Disclosure — Envo ExtraCWE-639 4.3 Medium2024-11-09
CVE-2024-50447 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability — Envo's Elementor Templates & Widgets for WooCommerceCWE-79 6.5 Medium2024-10-28
CVE-2024-43292 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability — Envo's Elementor Templates & Widgets for WooCommerceCWE-79 5.9 Medium2024-08-18
CVE-2024-5645 Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget — Envo ExtraCWE-79 6.4 Medium2024-06-07
CVE-2024-4385 Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting — Envo ExtraCWE-79 6.4 Medium2024-05-16
CVE-2024-35167 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability — Envo's Elementor Templates & Widgets for WooCommerceCWE-79 6.5 Medium2024-05-13
CVE-2024-32456 WordPress Envo Extra plugin <= 1.8.11 - Cross Site Scripting (XSS) vulnerability — Envo ExtraCWE-79 6.5 Medium2024-04-17
CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation — Envo's Templates & Widgets for Elementor and WooCommerceCWE-352 4.3 Medium2024-02-28
CVE-2024-0766 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request — Envo's Templates & Widgets for Elementor and WooCommerceCWE-284 4.3 Medium2024-02-28
CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation — Envo's Templates & Widgets for Elementor and WooCommerceCWE-352 4.3 Medium2024-02-28

This page lists every published CVE security advisory associated with EnvoThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.