Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Envo\'s_elementor_templates_\&_widgets_for_woocommerce
(Envothemes)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-28 | CVE-2024-0766 | The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates. | Envo\'s_elementor_templates_\&_widgets_for_woocommerce | N/A | ||
| 2024-02-28 | CVE-2024-0767 | The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | Envo\'s_elementor_templates_\&_widgets_for_woocommerce | N/A | ||
| 2024-02-28 | CVE-2024-0768 | The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajax_theme_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | Envo\'s_elementor_templates_\&_widgets_for_woocommerce | N/A | ||
| 2024-10-28 | CVE-2024-50447 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.19. | Envo\'s_elementor_templates_\&_widgets_for_woocommerce | 5.4 |