Skip to main content

Envo Extra

5 CVEs product

Monthly

CVE-2026-32386 MEDIUM This Month

Envo Extra through version 1.9.13 contains an authorization bypass that allows authenticated attackers to access or modify sensitive data due to improperly configured access controls. An attacker with valid credentials can exploit this vulnerability to perform unauthorized actions within the plugin. No patch is currently available, and the vulnerability has not been confirmed as actively exploited.

Authentication Bypass Envo Extra
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-10770 MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Information Disclosure Envo Extra
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-5645 MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Envo Extra
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4385 MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Envo Extra
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-32456 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS.8.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Envo Extra
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

Envo Extra through version 1.9.13 contains an authorization bypass that allows authenticated attackers to access or modify sensitive data due to improperly configured access controls. An attacker with valid credentials can exploit this vulnerability to perform unauthorized actions within the plugin. No patch is currently available, and the vulnerability has not been confirmed as actively exploited.

Authentication Bypass Envo Extra
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Information Disclosure +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Envo Extra
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Envo Extra
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS.8.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Envo Extra
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy