Vulnerability Details CVE-2021-24719
The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/164548/WordPress-Enfold-Theme-4.8.3-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/a53e213f-6011-47f8-93e6-aa5ad30e857e
- http://packetstormsecurity.com/files/164548/WordPress-Enfold-Theme-4.8.3-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/a53e213f-6011-47f8-93e6-aa5ad30e857e
Products affected by CVE-2021-24719
-
cpe:2.3:a:kriesi:enfold:-
-
cpe:2.3:a:kriesi:enfold:4.7.4
-
cpe:2.3:a:kriesi:enfold:4.7.5
-
cpe:2.3:a:kriesi:enfold:4.7.6
-
cpe:2.3:a:kriesi:enfold:4.7.6.1
-
cpe:2.3:a:kriesi:enfold:4.7.6.2
-
cpe:2.3:a:kriesi:enfold:4.7.6.3
-
cpe:2.3:a:kriesi:enfold:4.7.6.4
-
cpe:2.3:a:kriesi:enfold:4.8
-
cpe:2.3:a:kriesi:enfold:4.8.1
-
cpe:2.3:a:kriesi:enfold:4.8.2
-
cpe:2.3:a:kriesi:enfold:4.8.3