Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • January 29, 2025 at 5:24 am #1475951
    Sudhir
    Guest

    Hi,

    The previous developer who used “Enfold Theme Options” to create our wordpress site did not provide us the token and it seems because of old theme vunerabilities our website is affected. Our malware scanner says “Enfold Vulnerability
    Category:Theme

    Versions-Affected:<= 5.6.4

    Type:Cross Site Scripting

    Severity:High

    Is Fixed Version Available:No

    Description:Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Enfold Theme. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 5.6.5.”

    Update your Theme from the WordPress Dashboard
    If you want to get update notifications for your theme and if you want to be able to update your theme from your WordPress backend you need to enter your Envato Private Token below.

    Can you help us get access upgrade package to This vulnerability has been fixed in version 5.6.5.

    January 29, 2025 at 6:07 am #1475956
    Ismael

    Hey Sudhir,

    Thank you for the inquiry.

    If you don’t have access to the account that was used to purchase the theme, you will need to create another account on Themeforest and purchase a new license. You can then download the latest version 6.0.9 and update the theme manually via FTP. Please check this link: https://kriesi.at/documentation/enfold/theme-update/#update-via-ftp

    Let us know if you need more info.

    Best regards,
    Ismael

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.