Browse all 6 CVE security advisories affecting Kriesi. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kriesi develops WordPress themes and page builders focused on website creation and customization. Historically, vulnerabilities associated with Kriesi products frequently involve cross-site scripting (XSS) and remote code execution (RCE) due to insufficient input sanitization and improper file handling. Privilege escalation issues have also been documented in multiple instances. The security posture has shown patterns of vulnerabilities stemming from inadequate access controls and insecure direct object references. While no major public security incidents have been widely reported, the consistent presence of multiple CVEs indicates ongoing security challenges that require careful implementation and regular updates by end users.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68900 | WordPress Enfold theme <= 7.1.3 - Cross Site Scripting (XSS) vulnerability — EnfoldCWE-79 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-66053 | WordPress Enfold theme <= 7.1.2 - Cross Site Scripting (XSS) vulnerability — EnfoldCWE-79 | 6.5 | Medium | 2025-11-21 |
This page lists every published CVE security advisory associated with Kriesi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.