CVE-2017-18606

The avada theme before 5.1.5 for WordPress has stored XSS.

CVE-2017-18607

The avada theme before 5.1.5 for WordPress has CSRF.