Lucene search
+L

364 matches found

WPVulnDB
WPVulnDB
added 2022/04/19 12:0 a.m.148 views

Fusion Builder < 3.6.2 - Unauthenticated SSRF

Description The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network...

9.8CVSS9.2AI score0.71722EPSS
Exploits6References2
Patchstack
Patchstack
added 2022/04/19 12:0 a.m.97 views

WordPress Avada premium theme <= 7.6.1 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability

Unauthenticated Server-Side Request Forgery SSRF vulnerability discovered by Calum Elrick in WordPress Avada premium theme versions = 7.6.1. Solution Update the WordPress Avada premium theme to the latest available version at least 7.6.2...

9.8CVSS4AI score0.71722EPSS
Exploits6References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/13 12:0 a.m.12 views

Avada < 7.4.2 - Reflected Cross-Site Scripting

Description The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue. PoC https://theme-fusion.com/forums/search/z-- FAIL/...

6.5AI score
Exploits0References1
wpexploit
wpexploit
added 2021/09/13 12:0 a.m.473 views

Avada < 7.4.2 - Reflected Cross-Site Scripting

Description The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue. https://theme-fusion.com/forums/search/z--FAIL/...

6.7AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/09/13 12:0 a.m.15 views

Avada < 7.4.2 - Stored Cross-Site Scripting

Description The Avada Forms component allowed unescaped HTML form entries to be loaded on the backend...

6.9AI score
Exploits0References1
Patchstack
Patchstack
added 2020/05/01 12:0 a.m.11 views

WordPress Avada premium theme <= 6.2.2 - Arbitrary Post Creation, Edition and Deletion vulnerability

Arbitrary Post Creation, Edition, and Deletion vulnerability discovered by NinTechNet in WordPress Avada premium theme versions = 6.2.2. Solution Update the WordPress Avada premium theme to the latest available version at least 6.2.3...

3.4AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/01 12:0 a.m.49 views

Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post Creation, Edition, Deletion and Stored XSS

Description NinTechNet disclosed multiple security vulnerabilities affecting the premium Avada WordPress theme on their blog after responsibly disclosing the security vulnerabilities to Avada. These vulnerabilities included: - Content Injection & Stored XSS - Arbitrary Post Deletion - Arbitrary...

6.4CVSS6.6AI score0.00648EPSS
Exploits1References2
Patchstack
Patchstack
added 2020/05/01 12:0 a.m.10 views

WordPress Avada premium theme <= 6.2.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by NinTechNet in WordPress Avada premium theme versions = 6.2.2. Solution Update the WordPress Avada premium theme to the latest available version at least 6.2.3...

2.2AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/09/20 12:0 a.m.33 views

avada theme for WordPress cross-site scripting vulnerability

avada theme for WordPress is a responsive multipurpose theme plugin for use in WordPress. A cross-site scripting vulnerability exists in avada theme for WordPress versions prior to 5.1.5. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...

6.1CVSS6.2AI score0.00907EPSS
Exploits1References1
OSV
OSV
added 2019/09/10 12:15 p.m.5 views

CVE-2017-18606

The avada theme before 5.1.5 for WordPress has stored XSS...

6.1CVSS5.8AI score0.00907EPSS
Exploits1References1
OSV
OSV
added 2019/09/10 12:15 p.m.4 views

CVE-2017-18607

The avada theme before 5.1.5 for WordPress has CSRF...

8.8CVSS5.8AI score0.00669EPSS
Exploits1References1
NVD
NVD
added 2019/09/10 12:15 p.m.30 views

CVE-2017-18606

The avada theme before 5.1.5 for WordPress has stored XSS...

6.1CVSS6.4AI score0.00907EPSS
Exploits1References1
NVD
NVD
added 2019/09/10 12:15 p.m.20 views

CVE-2017-18607

The avada theme before 5.1.5 for WordPress has CSRF...

8.8CVSS8.8AI score0.00669EPSS
Exploits1References1
Prion
Prion
added 2019/09/10 12:15 p.m.23 views

Cross site request forgery (csrf)

The avada theme before 5.1.5 for WordPress has CSRF...

6.8CVSS8.7AI score0.00669EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/09/10 12:15 p.m.18 views

Cross site scripting

The avada theme before 5.1.5 for WordPress has stored XSS...

4.3CVSS6.3AI score0.00907EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/09/10 11:18 a.m.59 views

CVE-2017-18607

CVE-2017-18607 affects the Avada WordPress theme prior to 5.1.5. The NVD entry documents a CSRF vulnerability (pre-5.1.5) with CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base 8.8) and CVSS v2: AV:N/AC:M/Au:N/C:P/I:P/A:P (base 6.8). Connected sources also reference related issues in older bui...

8.8CVSS8.7AI score0.00669EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/10 11:18 a.m.22 views

CVE-2017-18607

The avada theme before 5.1.5 for WordPress has CSRF...

8.8AI score0.00669EPSS
Exploits1References1
CVE
CVE
added 2019/09/10 11:17 a.m.61 views

CVE-2017-18606

The CVE-2017-18606 entry concerns the Avada WordPress theme (before 5.1.5) with a stored XSS vulnerability. Connected sources confirm the root cause as insufficient validation of client-side data leading to cross-site scripting. Affected product: Avada theme for WordPress prior to 5.1.5. Impact: ...

6.1CVSS6.3AI score0.00907EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/10 11:17 a.m.34 views

CVE-2017-18606

The avada theme before 5.1.5 for WordPress has stored XSS...

6.4AI score0.00907EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2017/05/02 12:0 a.m.46 views

Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF

Description The Avada WordPress theme was affected by a Stored Cross-Site Scripting XSS & CSRF security vulnerability. PoC http://cdn.wphutte.com/Avada/5.1.4/xss.html http://cdn.wphutte.com/Avada/5.1.4/csrf.html...

8.8CVSS6.5AI score0.00907EPSS
Exploits1References2
Rows per page
Query Builder