CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5061 – Enfold <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters
https://notcve.org/view.php?id=CVE-2024-5061
29 Aug 2024 — The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Enfold - Responsive Multi-Purpose Theme theme for Wor... • https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37199 – WordPress Enfold theme <= 5.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37199
20 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Kriesi.At Enfold permite XSS reflejado. Este problema afecta a Enfold: desde n/a hasta 5.6.9. The Enfold theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions ... • https://patchstack.com/database/vulnerability/enfold/wordpress-enfold-theme-5-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38400 – WordPress Enfold Theme <= 5.6.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-38400
23 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Kriesi Enfold - Responsive Multi-Purpose Theme permite XSS reflejado. Este problema afecta a Enfold - Responsive Multi-Purpose Theme: d... • https://patchstack.com/database/vulnerability/enfold/wordpress-enfold-theme-5-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2021-24719 – Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24719
11 Oct 2021 — The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. El tema Enfold de WordPress versiones anteriores a 4.8.4, era vulnerable a un ataque de tipo Cross-Site Scripting (XSS) Reflejado. La vulnerabilidad está presente en las versiones de Enfold anteriores a la 4.8.4 que usan Avia Page Builder WordPress Enfold theme version 4.8.3 suffers from a cross site scripting ... • https://packetstorm.news/files/id/164548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7297 – Enfold < 3.0.1 - Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2014-7297
07 Oct 2014 — Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. Vulnerabilidad no especificada en el Framework de carpetas en el tema Enfold anterior a 3.0.1 para WordPress tiene impacto y vectores de ataque desconocidos. • http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990 • CWE-862: Missing Authorization •