-
Posts
-
WordFence Warns
Enfold: Cross Site Scripting (XSS) vulnerability discoveredWe have 20+ sites using Enfold and dread having to change themes.
Hey Jody,
Thank you for hte inquiry.
This has been fixed in the latest version of the theme (7.1.3). Please make sure to upgrade to the latest version.
Patchstack team XSS vulnerability report: column and cell link fixed
Best regards,
IsmaelHi Ismael,
Sorry, but you have a current new security vulnerability that was published three days ago on Patchstack! And not the vulnerability that was fixed with 7.1.3 in October 2025!
https://patchstack.com/database/wordpress/theme/enfold/vulnerability/wordpress-enfold-theme-7-1-3-cross-site-scripting-xss-vulnerabilitySo please check and fix it quickly and deliver an appropriate version.
Solutions
This security issue has a low severity impact and is unlikely to be exploited.maybe it is not so urgent ;)
____________________
Perhaps it’s time to introduce a nonce solution for all Enfold scripts?
(for my own i have written a small plugin that will bring to every script/inline-script a nonce-key; and my csp directive says:
script-src ‘nonce-key==’ ‘strict-dynamic’ ) that is the best against XSS – and check f.e. on: https://securityheaders.com/?q=https%3A%2F%2Fwebers-testseite.de&followRedirects=on )Hi,
A patch will be included in the next version (7.1.14) and will be released soon. Thank you for your patience.
Best regards,
Ismael
- You must be logged in to reply to this topic.