PT-2025-7820 · WordPress · Enfold

Michael Mazzolini +1 · Published 2025-02-25 · Updated 2025-02-28 · CVE-2024-13693

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Enfold theme for WordPress versions up to, and including, 6.0.9

Description
The issue allows unauthorized access to data due to a missing capability check in the avia-export-class.php file. This enables unauthenticated attackers to export all avia settings, potentially including sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set.

Recommendations
For Enfold theme for WordPress versions up to, and including, 6.0.9, update to a version higher than 6.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the avia-export-class.php file to minimize the risk of exploitation.
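
To find installations that still need the update, the check below reads the Version header from the theme's style.css and compares it numerically with 6.0.9. It is an added example, not code from the advisory or from the Enfold project; the function names, the sample header and the theme directory name "enfold" are assumptions.

```python
import re
from pathlib import Path

# From the advisory: Enfold versions up to and including 6.0.9 are affected.
LAST_AFFECTED = (6, 0, 9)
# Header shape WordPress accepts: optional comment characters, then "Version:".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)

def parse_theme_version(style_css_text):
    """Return the Version header of a theme's style.css, or None if absent."""
    # WordPress reads theme headers from the first 8 KiB of the file only.
    match = VERSION_RE.search(style_css_text[:8192])
    return match.group(1) if match else None

def version_tuple(version):
    """'6.0.10-beta' -> (6, 0, 10); stops at the first non-numeric component."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)

def is_affected(version):
    """True/False for a parsable version, None when it cannot be compared."""
    parts = version_tuple(version)
    if not parts:
        return None
    padded = parts + (0,) * (3 - len(parts))
    return padded <= LAST_AFFECTED  # numeric compare, so 6.0.10 sorts after 6.0.9

def check_install(wp_root, theme_dir="enfold"):  # theme_dir is an assumed folder name
    """Classify one WordPress root: not-installed, unknown, affected or ok."""
    style = Path(wp_root) / "wp-content" / "themes" / theme_dir / "style.css"
    if not style.is_file():
        return "not-installed", None
    version = parse_theme_version(style.read_text(encoding="utf-8", errors="replace"))
    verdict = is_affected(version) if version else None
    if verdict is None:
        return "unknown", version
    return ("affected" if verdict else "ok"), version

# Constructed sample header, not taken from a real Enfold release.
SAMPLE_STYLE_CSS = "/*\nTheme Name: Enfold\nVersion: 6.0.9\n*/\n"

if __name__ == "__main__":
    print(parse_theme_version(SAMPLE_STYLE_CSS), is_affected("6.0.9"))
```

If any of the keys named in the description were configured on an installation reported as affected, rotate them after updating.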

Fix · Improper Access Control · Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2024-13693

Affected Products: Enfold