What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9.
CVE-2024-37199
HIGH
CVE-2024-37199: WordPress Enfold theme <= 5.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS base score
7.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Key dates
02Disclosure timeline
July 22, 2024
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-57929 WordPress Double the Donation Plugin <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2018-0407
CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.8 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-64200 WordPress Email Template Customizer for WooCommerce plugin <= 1.2.17 - Cross Site Scripting (XSS) vulnerability
CVE-2022-35697 AEM File Upload Security Issue leading to RXSS
