PT-2025-7820 · WordPress · Enfold

Michael Mazzolini +1 · Published 2025-02-25 · Updated 2025-02-28 · CVE-2024-13693

CVSS v3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

Enfold theme for WordPress versions up to, and including, 6.0.9

Description:

The issue allows unauthorized access to data due to a missing capability check in the avia-export-class.php file. This enables unauthenticated attackers to export all avia settings, potentially including sensitive information such as the `Mailchimp API Key`, `reCAPTCHA Secret Key`, or `Envato private token` if they are set.

Recommendations:

Update the Enfold theme for WordPress to a version higher than 6.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the avia-export-class.php file to minimize the risk of exploitation.
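
A triage check for the affected-version range stated above, as an added example that is not part of the original advisory or of the theme's code: it reads the standard WordPress `style.css` theme header and flags installed copies of Enfold at or below 6.0.9. The folder names and version strings in `demo()` are constructed sample data, and matching on `Theme Name: Enfold` is an assumption about how the theme identifies itself.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (6, 0, 9)  # advisory: versions up to, and including, 6.0.9

def read_theme_header(style_css: Path) -> dict:
    """Parse the 'Key: value' header fields WordPress reads from style.css."""
    head = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key in ("Theme Name", "Version"):
        m = re.search(rf"^[ \t/*#@]*{re.escape(key)}:(.*)$", head, re.I | re.M)
        if m:
            fields[key] = m.group(1).strip()
    return fields

def version_tuple(version: str) -> tuple:
    """'6.0.10' -> (6, 0, 10): numeric compare, so 6.0.10 sorts above 6.0.9."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    return version_tuple(version) <= LAST_AFFECTED

def audit_themes(themes_dir: Path) -> list:
    """(folder, version, affected) per Enfold copy; theme name is an assumption."""
    findings = []
    for css in themes_dir.glob("*/style.css"):
        hdr = read_theme_header(css)
        if hdr.get("Theme Name", "").lower() == "enfold" and "Version" in hdr:
            findings.append((css.parent.name, hdr["Version"], is_affected(hdr["Version"])))
    return sorted(findings)

def demo() -> list:
    """Audit a constructed themes directory (sample folders and versions)."""
    samples = {"enfold": "6.0.9", "enfold-staging": "6.0.10", "twentytwentyfive": "1.0"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for folder, ver in samples.items():
            name = "Enfold" if folder.startswith("enfold") else folder
            (root / folder).mkdir()
            (root / folder / "style.css").write_text(
                f"/*\nTheme Name: {name}\nVersion: {ver}\n*/\n", encoding="utf-8")
        return audit_themes(root)

if __name__ == "__main__":
    for folder, version, affected in demo():
        print(f"{folder}: Enfold {version} -> {'AFFECTED' if affected else 'ok'}")
```

Point `audit_themes()` at a site's `wp-content/themes` directory to run it against a real installation.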

Fix

Missing Authorization

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-13693

Affected Products

Enfold