CVE-2025-58922 WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avada versions 7.13.2...

CVE-2017-18606

The avada theme before 5.1.5 for WordPress has stored XSS...

WordPress Avada Builder plugin <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting in Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.11.11...

WordPress Avada Builder plugin <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure vulnerability

Authenticated Contributor+ Protected Post Disclosure vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.11.12...

CVE-2024-54357 WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through = 7.11.10...

CVE-2024-54357

CVE-2024-54357 is a CSRF vulnerability in ThemeFusion Avada (WordPress) affecting Avada versions up to 7.11.10. Multiple sources indicate the issue was addressed (patched) in Avada 7.11.10; remediation is to upgrade to 7.11.10 or later. No exploitation details are disclosed in the provided docume...

WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Avada versions = 7.11.10...

WordPress plugin Avada security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2023-39307 WordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1...

WordPress Avada Theme <= 7.11.6 is vulnerable to SQL Injection

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2344 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 15fee136284a Credits Muhammad Zeeshan Xib3rR4dAr Required privilege Administrato...

WordPress Avada Theme <= 7.11.6 is vulnerable to Server Side Request Forgery (SSRF)

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-2343 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID b215d9a4cc5d Credits Muhammad Zeeshan Xib3rR4dAr Required...

WordPress Avada Theme <= 7.11.5 is vulnerable to Sensitive Data Exposure

Software Avada Type Theme Vulnerable versions = 7.11.5 Fixed in 7.11.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1668 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f064c924d1a4 Credits Muhammad Zeeshan Xib3rR4dAr Require...

WordPress plugin Avada | Website Builder For WordPress & WooCommerce Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Avada Theme <= 7.11.1 is vulnerable to Server Side Request Forgery (SSRF)

Software Avada Type Theme Vulnerable versions = 7.11.1 Fixed in 7.11.2 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-39313 Patch priority Low CVSS severity Low 7.7 Developer Claim ownership PSID 8a9512654743 Credits Rafie Muhammad Patchstack...

CVE-2022-41996 WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada premium theme versions = 7.8.1 on WordPress leading to arbitrary plugin installation/activation...