8.8
CVE-2023-39307
- EPSS 0.53%
- Veröffentlicht 26.03.2024 21:15:51
- Zuletzt bearbeitet 28.04.2026 19:21:04
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerability
Avada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options'
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
Mögliche Gegenmaßnahme
Avada | Website Builder For WordPress & WooCommerce: Update to version 7.11.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Theme-fusion ≫ Avada SwPlatformwordpress Version < 7.11.2
Weitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
Avada | Website Builder For WordPress & WooCommerce
Version
*-7.11.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.404 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 8.5 | 1.8 | 6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/a73f7812-771d-4d9f-9a7c-e4e01ec05023