Envothemes Envo Extra

7 CVEs affecting Envothemes Envo Extra. Latest disclosed: 2026-03-13. Critical: 0, High: 0.

Top CVEs affecting Envothemes Envo Extra
CVE	Severity	Score	Published	Summary
`CVE-2025-66066`	Medium	`6.5`	2025-11-21	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This i…
`CVE-2024-32456`	Medium	`6.5`	2024-04-17	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS.This issue affect…
`CVE-2024-5645`	Medium	`6.4`	2024-06-07	The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up…
`CVE-2024-4385`	Medium	`6.4`	2024-05-16	The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insuff…
`CVE-2026-32386`	Medium	`4.3`	2026-03-13	Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
`CVE-2025-47471`	Medium	`4.3`	2025-05-07	Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
`CVE-2024-10770`	Medium	`4.3`	2024-11-09	The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode du…