VYPR

Template Kit Import

by Envato

CVEs (2)

  • CVE-2021-4330HigMar 7, 2023
    risk 0.57cvss 8.8epss 0.02

    The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This…

  • CVE-2024-37550Jul 21, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS.This issue affects Template Kit – Export: from n/a through 1.0.22.