Theme-fusion

Avada

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-64634

  • EPSS 0.06%
  • Veröffentlicht 16.12.2025 08:12:51
  • Zuletzt bearbeitet 20.01.2026 15:18:59

Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.1.

9.8

CVE-2024-13346

  • EPSS 35.44%
  • Veröffentlicht 13.02.2025 07:15:09
  • Zuletzt bearbeitet 24.02.2025 17:09:53

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not pr...

4.3

CVE-2024-54357

  • EPSS 0.2%
  • Veröffentlicht 16.12.2024 16:15:08
  • Zuletzt bearbeitet 14.04.2025 17:47:41

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10.

5.4

CVE-2024-5628

  • EPSS 0.49%
  • Veröffentlicht 13.09.2024 06:15:14
  • Zuletzt bearbeitet 26.09.2024 15:14:26

The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and o...

8.8

CVE-2023-39312

  • EPSS 0.44%
  • Veröffentlicht 19.06.2024 15:15:58
  • Zuletzt bearbeitet 21.11.2024 08:15:08

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

8.8

CVE-2023-39922

  • EPSS 0.22%
  • Veröffentlicht 19.06.2024 13:15:53
  • Zuletzt bearbeitet 05.02.2025 15:04:43

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

7.2

CVE-2024-2344

Exploit
  • EPSS 0.88%
  • Veröffentlicht 09.04.2024 19:15:33
  • Zuletzt bearbeitet 05.02.2025 15:49:42

The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL que...

6.4

CVE-2024-2343

Exploit
  • EPSS 0.28%
  • Veröffentlicht 09.04.2024 19:15:33
  • Zuletzt bearbeitet 31.01.2025 02:08:29

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attack...

5.3

CVE-2024-2340

  • EPSS 58.18%
  • Veröffentlicht 09.04.2024 19:15:32
  • Zuletzt bearbeitet 31.01.2025 01:57:32

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitiv...

5.4

CVE-2024-2311

Exploit
  • EPSS 0.53%
  • Veröffentlicht 09.04.2024 19:15:31
  • Zuletzt bearbeitet 05.02.2025 15:48:59

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ...