Vulnerabilities > Theme Fusion
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-5628 | Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-19 | CVE-2023-39312 | Unspecified vulnerability in Theme-Fusion Avada Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | 8.8 |
| 2023-06-07 | CVE-2020-36711 | Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2022-10-27 | CVE-2022-41996 | Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. | 8.8 |
| 2022-05-16 | CVE-2022-1386 | The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. | 9.8 |
| 2019-09-10 | CVE-2017-18607 | Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada The avada theme before 5.1.5 for WordPress has CSRF. | 8.8 |
| 2019-09-10 | CVE-2017-18606 | Cross-site Scripting vulnerability in Theme-Fusion Avada The avada theme before 5.1.5 for WordPress has stored XSS. | 6.1 |