VYPR

Envolve Plugin

by WordPress

CVEs (2)

  • CVE-2024-11617CriMay 9, 2025
    risk 0.64cvss 9.8epss 0.01

    The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to…

  • CVE-2024-11615MedMay 5, 2025
    risk 0.34cvss 5.3epss 0.00

    The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to…