Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • August 29, 2024 at 10:03 pm #1465713
    Kevin Geoffrey
    Guest

    Howdy. Are you guys aware that WordFence has flagged the current version of Enfold (6.0.3) for security vulnerabilities? Hope you have a fix coming soon. Thanks.

    Enfold <= 6.0.3 – Authenticated (Contributor ) Stored Cross-Site Scripting via wrapper_class and class Parameters

    The Enfold – Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and ‘class’ parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    August 30, 2024 at 12:23 pm #1465778
    Ismael

    Hey Kevin Geoffrey,

    Thank you for bringing this issue to our attention.

    We have forwarded the provided link to our channel for further review. We will make sure to provide you with feedback as soon as we have more information or updates available. If you have any additional details or questions, feel free to reach out to us.

    Best regards,
    Ismael

    September 3, 2024 at 3:59 pm #1466136
    Yigit

    Hey,

    I just wanted to let you know that our developers addressed this issue and we will release Enfold 6.0.4 very soon.

    Regards,
    Yigit

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.