Vulnerabilities > Theme Fusion

DATE	CVE	VULNERABILITY TITLE	RISK
2025-04-01	CVE-2025-1665	Cross-site Scripting vulnerability in Theme-Fusion Avada Builder The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity theme-fusion CWE-79	5.4
2025-02-13	CVE-2024-13345	Code Injection vulnerability in Theme-Fusion Avada Builder The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. network low complexity theme-fusion CWE-94 critical	9.8
2025-02-13	CVE-2024-13346	Code Injection vulnerability in Theme-Fusion Avada The Avada \| Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. network low complexity theme-fusion CWE-94 critical	9.8
2025-01-22	CVE-2024-12477	Cross-site Scripting vulnerability in Theme-Fusion Avada Builder The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity theme-fusion CWE-79	5.4
2024-12-25	CVE-2024-12335	Authorization Bypass Through User-Controlled Key vulnerability in Theme-Fusion Avada Builder The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. network low complexity theme-fusion CWE-639	4.3
2024-12-16	CVE-2024-54357	Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10. network low complexity theme-fusion CWE-352	4.3
2024-09-13	CVE-2024-5628	Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada \| Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity theme-fusion CWE-79	5.4
2024-06-19	CVE-2023-39312	Unspecified vulnerability in Theme-Fusion Avada Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. network low complexity theme-fusion	8.8
2024-06-19	CVE-2023-39922	Unspecified vulnerability in Theme-Fusion Avada Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. network low complexity theme-fusion	8.8
2024-04-09	CVE-2024-2311	Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity theme-fusion CWE-79	5.4

Vulnerabilities > Theme Fusion {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Theme Fusion"}]}

Vulnerabilities > Theme Fusion