5.3
CVE-2024-2340
- EPSS 28%
- Veröffentlicht 09.04.2024 19:15:32
- Zuletzt bearbeitet 08.04.2026 18:21:04
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginAvada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
Mögliche Gegenmaßnahme
Avada | Website Builder For WordPress & WooCommerce: Update to version 7.11.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Theme-fusion ≫ Avada SwPlatformwordpress Version < 7.11.7
Weitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
Avada | Website Builder For WordPress & WooCommerce
Version
*-7.11.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 28% | 0.978 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-548 Exposure of Information Through Directory Listing
A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
https://avada.com/documentation/avada-changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961