364 matches found
Fusion Builder < 3.6.2 - Unauthenticated SSRF
Description The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network...
WordPress Avada premium theme <= 7.6.1 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability
Unauthenticated Server-Side Request Forgery SSRF vulnerability discovered by Calum Elrick in WordPress Avada premium theme versions = 7.6.1. Solution Update the WordPress Avada premium theme to the latest available version at least 7.6.2...
Avada < 7.4.2 - Reflected Cross-Site Scripting
Description The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue. PoC https://theme-fusion.com/forums/search/z-- FAIL/...
Avada < 7.4.2 - Reflected Cross-Site Scripting
Description The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue. https://theme-fusion.com/forums/search/z--FAIL/...
Avada < 7.4.2 - Stored Cross-Site Scripting
Description The Avada Forms component allowed unescaped HTML form entries to be loaded on the backend...
WordPress Avada premium theme <= 6.2.2 - Arbitrary Post Creation, Edition and Deletion vulnerability
Arbitrary Post Creation, Edition, and Deletion vulnerability discovered by NinTechNet in WordPress Avada premium theme versions = 6.2.2. Solution Update the WordPress Avada premium theme to the latest available version at least 6.2.3...
Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post Creation, Edition, Deletion and Stored XSS
Description NinTechNet disclosed multiple security vulnerabilities affecting the premium Avada WordPress theme on their blog after responsibly disclosing the security vulnerabilities to Avada. These vulnerabilities included: - Content Injection & Stored XSS - Arbitrary Post Deletion - Arbitrary...
WordPress Avada premium theme <= 6.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by NinTechNet in WordPress Avada premium theme versions = 6.2.2. Solution Update the WordPress Avada premium theme to the latest available version at least 6.2.3...
avada theme for WordPress cross-site scripting vulnerability
avada theme for WordPress is a responsive multipurpose theme plugin for use in WordPress. A cross-site scripting vulnerability exists in avada theme for WordPress versions prior to 5.1.5. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
CVE-2017-18606
The avada theme before 5.1.5 for WordPress has stored XSS...
CVE-2017-18607
The avada theme before 5.1.5 for WordPress has CSRF...
CVE-2017-18606
The avada theme before 5.1.5 for WordPress has stored XSS...
CVE-2017-18607
The avada theme before 5.1.5 for WordPress has CSRF...
Cross site request forgery (csrf)
The avada theme before 5.1.5 for WordPress has CSRF...
Cross site scripting
The avada theme before 5.1.5 for WordPress has stored XSS...
CVE-2017-18607
CVE-2017-18607 affects the Avada WordPress theme prior to 5.1.5. The NVD entry documents a CSRF vulnerability (pre-5.1.5) with CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base 8.8) and CVSS v2: AV:N/AC:M/Au:N/C:P/I:P/A:P (base 6.8). Connected sources also reference related issues in older bui...
CVE-2017-18607
The avada theme before 5.1.5 for WordPress has CSRF...
CVE-2017-18606
The CVE-2017-18606 entry concerns the Avada WordPress theme (before 5.1.5) with a stored XSS vulnerability. Connected sources confirm the root cause as insufficient validation of client-side data leading to cross-site scripting. Affected product: Avada theme for WordPress prior to 5.1.5. Impact: ...
CVE-2017-18606
The avada theme before 5.1.5 for WordPress has stored XSS...
Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF
Description The Avada WordPress theme was affected by a Stored Cross-Site Scripting XSS & CSRF security vulnerability. PoC http://cdn.wphutte.com/Avada/5.1.4/xss.html http://cdn.wphutte.com/Avada/5.1.4/csrf.html...