Skip to main content

Enfold

8 CVEs product

Monthly

CVE-2026-48869 HIGH This Week

Reflected cross-site scripting in the Enfold WordPress theme versions up to and including 7.1.4 allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the user is lured into clicking a crafted link. The CVSS scope change (S:C) and Low impact across C/I/A indicate the injected script can affect components beyond the vulnerable theme component, typically the authenticated WordPress session. No public exploit identified at time of analysis, though Patchstack's disclosure provides enough detail for skilled researchers to reproduce.

XSS Enfold
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-13695 MEDIUM This Month

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Enfold
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13693 MEDIUM This Month

The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass Enfold
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-5061 MEDIUM This Month

The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Enfold
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-37199 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.6.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enfold
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38400 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.6.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enfold
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-24719 MEDIUM POC This Month

The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Enfold
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2014-7297 CRITICAL PATCH Act Now

Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Enfold
NVD
CVSS 2.0
10.0
EPSS
1.5%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the Enfold WordPress theme versions up to and including 7.1.4 allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the user is lured into clicking a crafted link. The CVSS scope change (S:C) and Low impact across C/I/A indicate the injected script can affect components beyond the vulnerable theme component, typically the authenticated WordPress session. No public exploit identified at time of analysis, though Patchstack's disclosure provides enough detail for skilled researchers to reproduce.

XSS Enfold
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Enfold
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Enfold
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.6.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enfold
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.6.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enfold
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Enfold
NVD WPScan Exploit-DB
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Enfold
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy