Lucene search
+L

364 matches found

RedhatCVE
RedhatCVE
added 2026/04/29 1:38 a.m.6 views

CVE-2025-58922

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

4.3CVSS5.1AI score0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:31 p.m.7 views

EUVD-2026-22820

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS6.1AI score0.0031EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 9:31 p.m.11 views

EUVD-2026-22822

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS5.7AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 6:31 p.m.8 views

EUVD-2025-209554

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

4.3CVSS5.8AI score0.001EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 4:16 p.m.6 views

CVE-2025-58922

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

4.3CVSS0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 3:44 p.m.32 views

CVE-2025-58922 WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

4.3CVSS0.001EPSS
Exploits0References1
CVE
CVE
added 2026/04/22 3:44 p.m.11 views

CVE-2025-58922

The vulnerability concerns ThemeFusion Avada (WordPress theme). A CSRF flaw exists in Avada versions before 7.13.2. The affected component is the theme’s CSRF protection surface; root cause details are not fully disclosed in the provided documents, but the issue is categorized as a Cross-Site Req...

4.3CVSS5.8AI score0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 3:44 p.m.5 views

CVE-2025-58922

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

4.3CVSS5.8AI score0.001EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 3:44 p.m.5 views

CVE-2025-58922 WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

4.3CVSS5.8AI score0.001EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/22 3:43 p.m.6 views

WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avada versions 7.13.2...

4.3CVSS5.8AI score0.001EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34471

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

4.3CVSS5.8AI score0.001EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

WordPress plugin Avada 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.3CVSS5.7AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 4:17 a.m.11 views

CVE-2026-1541

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS0.00269EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 4:17 a.m.8 views

CVE-2026-1509

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS0.0031EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/15 1:25 a.m.7 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS6.1AI score0.0031EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/15 1:25 a.m.6 views

CVE-2026-1509

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS6.1AI score0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/15 1:25 a.m.33 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS0.0031EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/15 1:25 a.m.4 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS5.7AI score0.00269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 1:25 a.m.6 views

CVE-2026-1541

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS5.7AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/15 1:25 a.m.35 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS0.00269EPSS
Exploits0References2
Rows per page
Query Builder