cleantalk
Vulnerabilities and Security Researches

Envo Extra, CVE-2025-66066

CVE, Research URL

CVE-2025-66066

Home page URL

Security reports for Envo Extra

Application

Envo Extra

Published on
Nov 21, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through <= 1.9.11.
Affected versions
max 1.9.11.
Status
vulnerable
Previous vulnerability researches
Envo Extra (CVE-2024-5645) , Jun 08, 2024
Envo Extra (CVE-2025-47471) , May 09, 2025
Envo Extra (4370a080274d0696a00c0cf989f84692dbe2e074) , Jun 07, 2024
Envo Extra (CVE-2024-32456) , Jun 07, 2024
Envo Extra (CVE-2024-4385) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs &#8211; Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025