
EnvoThemes — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting EnvoThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Envothemes develops WordPress themes and templates for website creation, with 14 CVEs recorded to date. Historically, their products have frequently contained remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. Security researchers have identified multiple instances of hardcoded credentials and insecure direct object references in their themes. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities across their product line suggests ongoing challenges in secure development practices, potentially exposing users to significant compromise risks if timely updates are not applied.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32386 | WordPress Envo Extra plugin <= 1.9.13 - Broken Access Control vulnerability | Envo Extra | CWE-862 | 4.3 | Medium | 2026-03-13 |
| CVE-2025-66066 | WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability | Envo Extra | CWE-79 | 6.5 | Medium | 2025-11-21 |
| CVE-2025-47471 | WordPress Envo Extra plugin <= 1.9.9 - Broken Access Control Vulnerability | Envo Extra | CWE-862 | 4.3 | Medium | 2025-05-07 |
| CVE-2025-22770 | WordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerability | Envo Multipurpose | CWE-862 | 5.4 | Medium | 2025-03-27 |
| CVE-2024-10770 | Envo Extra <= 1.9.3 - Authenticated (Contributor+) Post Disclosure | Envo Extra | CWE-639 | 4.3 | Medium | 2024-11-09 |
| CVE-2024-50447 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability | Envo's Elementor Templates & Widgets for WooCommerce | CWE-79 | 6.5 | Medium | 2024-10-28 |
| CVE-2024-43292 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability | Envo's Elementor Templates & Widgets for WooCommerce | CWE-79 | 5.9 | Medium | 2024-08-18 |
| CVE-2024-5645 | Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget | Envo Extra | CWE-79 | 6.4 | Medium | 2024-06-07 |
| CVE-2024-4385 | Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting | Envo Extra | CWE-79 | 6.4 | Medium | 2024-05-16 |
| CVE-2024-35167 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability | Envo's Elementor Templates & Widgets for WooCommerce | CWE-79 | 6.5 | Medium | 2024-05-13 |
| CVE-2024-32456 | WordPress Envo Extra plugin <= 1.8.11 - Cross Site Scripting (XSS) vulnerability | Envo Extra | CWE-79 | 6.5 | Medium | 2024-04-17 |
| CVE-2024-0767 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation | Envo's Templates & Widgets for Elementor and WooCommerce | CWE-352 | 4.3 | Medium | 2024-02-28 |
| CVE-2024-0766 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request | Envo's Templates & Widgets for Elementor and WooCommerce | CWE-284 | 4.3 | Medium | 2024-02-28 |
| CVE-2024-0768 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation | Envo's Templates & Widgets for Elementor and WooCommerce | CWE-352 | 4.3 | Medium | 2024-02-28 |

This page lists every published CVE security advisory associated with EnvoThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.