Viewing 4 posts - 1 through 4 (of 4 total)
  • #1466053

    Hello Team,

    The WordPress website management we use, wpremote.com, is showing ENFOLD as having a vulnerability. Here’s the message we’re seeing:

    Category: Theme

    Versions-Affected: <= 6.0.3

    Type: Cross Site Scripting

    Severity: Medium

    Is Fixed Version Available: No

    Description: The Enfold – Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and ‘class’ parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    #1466066

    Hey Ben,

    Thanks for that, we are aware of it and working on a solution. Note that this is low severity.

    Best regards,
    Rikard

    #1466139

    Hey Ben,

    Just to let you know, our developers addressed this issue and we will release Enfold 6.0.4 very soon.

    Cheers!
    Yigit

    #1466142
    This reply has been marked as private.