VYPR

Envato Elements

by Envato

CVEs (2)

  • CVE-2021-4330HigMar 7, 2023
    risk 0.57cvss 8.8epss 0.02

    The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This…

  • CVE-2024-56275MedJan 7, 2025
    risk 0.27cvss 4.1epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14.