Avada Security Vulnerabilities and Issues — Avada CVE List

Lucene search

Theme-fusionAvada

3 matches found

CVE•added 2022/05/16 3:15 p.m.•513 views

CVE-2022-1386

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the ser...

9.8CVSS9.2AI score0.93146EPSS

CVE•added 2025/02/13 7:15 a.m.•75 views

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortco...

9.8CVSS7.7AI score0.1728EPSS

CVE•added 2024/06/19 3:15 p.m.•48 views

CVE-2023-39312

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

9.1CVSS9.1AI score0.00311EPSS