99 matches found
Avada < 7.13.2 - Cross-Site Request Forgery
Description: The Avada theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 7.13.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted...
CVE-2025-58922
The vulnerability concerns ThemeFusion Avada (WordPress theme). A CSRF flaw exists in Avada versions before 7.13.2. The affected component is the theme’s CSRF protection surface; root cause details are not fully disclosed in the provided documents, but the issue is categorized as a Cross-Site Req...
CVE-2025-58922 WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery. This issue affects Avada: from n/a before 7.13.2...
CVE-2024-2340
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...
CVE-2024-2344
The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Avada <= 7.13.2 - Missing Authorization
Description: The Avada theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.13.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...
CVE-2025-64634 WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avada: from n/a through <= 7.13.2...
EUVD-2020-24153
Malware in sbrugna...
EUVD-2017-9719
Malware in sbrugna...
EUVD-2017-9720
Malware in sbrugna...
EUVD-2024-27298
Malicious code in bioql PyPI...
EUVD-2024-27266
Malicious code in bioql PyPI...
WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avada versions <= 7.13.2...
Exploit for Server-Side Request Forgery in Fusion_Builder_Project Fusion_Builder
CVE-2022-1386 – Fusion Builder Example: bash python3...
CVE-2024-2311
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2024-1668
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents...
CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...
CVE-2020-36711
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the updatelayout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web...
CVE-2017-18606
The avada theme before 5.1.5 for WordPress has stored XSS...