Kriesi Enfold

10 CVEs affecting Kriesi Enfold. Latest disclosed: 2026-06-17. Critical: 0, High: 3.

Top CVEs affecting Kriesi Enfold
CVESeverityScorePublishedSummary
CVE-2026-48869High7.12026-06-17Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
CVE-2024-37199High7.12024-07-22Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue a…
CVE-2023-38400High7.12023-11-30Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Ref…
CVE-2025-68900Medium6.52026-01-22Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects E…
CVE-2025-66053Medium6.52025-11-21Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects…
CVE-2024-13695Medium6.42025-02-25The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This…
CVE-2024-5061Medium6.42024-08-30The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and 'class' parameters in…
CVE-2021-24719Medium6.12021-10-11The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous…
CVE-2024-13693Medium5.32025-02-25The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, a…
CVE-2014-72972014-10-13Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.