WordPress Avada | Website Builder For WordPress & eCommerce plugin <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via fusionbutton Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Fusion Builder versions = 3.11.9...

PT-2024-36778 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & eCommerce plugin for WordPress versions up to, and including, 3.11.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's fusion button shortcode due to insufficient input...