Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

EnvoThemes — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting EnvoThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Envothemes develops WordPress themes and templates for website creation, with 14 CVEs recorded to date. Historically, their products have frequently contained remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. Security researchers have identified multiple instances of hardcoded credentials and insecure direct object references in their themes. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities across their product line suggests ongoing challenges in secure development practices, potentially exposing users to significant compromise risks if timely updates are not applied.

Found 7 results / 14Clear Filters
Top products by EnvoThemes: Envo Extra Envo's Templates & Widgets for Elementor and WooCommerce Envo's Elementor Templates & Widgets for WooCommerce Envo Multipurpose
CVE IDTitleCVSSSeverityPublished
CVE-2026-32386 WordPress Envo Extra plugin <= 1.9.13 - Broken Access Control vulnerability — Envo ExtraCWE-862 4.3 Medium2026-03-13
CVE-2025-66066 WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability — Envo ExtraCWE-79 6.5 Medium2025-11-21
CVE-2025-47471 WordPress Envo Extra plugin <= 1.9.9 - Broken Access Control Vulnerability — Envo ExtraCWE-862 4.3 Medium2025-05-07
CVE-2024-10770 Envo Extra <= 1.9.3 - Authenticated (Contributor+) Post Disclosure — Envo ExtraCWE-639 4.3 Medium2024-11-09
CVE-2024-5645 Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget — Envo ExtraCWE-79 6.4 Medium2024-06-07
CVE-2024-4385 Envo Extra <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting — Envo ExtraCWE-79 6.4 Medium2024-05-16
CVE-2024-32456 WordPress Envo Extra plugin <= 1.8.11 - Cross Site Scripting (XSS) vulnerability — Envo ExtraCWE-79 6.5 Medium2024-04-17

This page lists every published CVE security advisory associated with EnvoThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.