Vulnerabilities > Theme Fusion

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-13	CVE-2024-13345	Code Injection vulnerability in Theme-Fusion Avada The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. network low complexity theme-fusion CWE-94 critical	9.8
2025-02-13	CVE-2024-13346	Code Injection vulnerability in Theme-Fusion Avada The Avada \| Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. network low complexity theme-fusion CWE-94 critical	9.8
2024-09-13	CVE-2024-5628	Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada \| Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity theme-fusion CWE-79	5.4
2024-06-19	CVE-2023-39312	Unspecified vulnerability in Theme-Fusion Avada Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. network low complexity theme-fusion	8.8
2024-06-19	CVE-2023-39922	Unspecified vulnerability in Theme-Fusion Avada Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. network low complexity theme-fusion	8.8
2024-04-09	CVE-2024-2311	Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity theme-fusion CWE-79	5.4
2024-03-28	CVE-2023-39313	Unspecified vulnerability in Theme-Fusion Avada Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. network low complexity theme-fusion	7.7
2024-03-26	CVE-2023-39307	Unspecified vulnerability in Theme-Fusion Avada Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. network low complexity theme-fusion	8.8
2023-06-07	CVE-2020-36711	Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. network low complexity theme-fusion CWE-79	5.4
2022-10-27	CVE-2022-41996	Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. network low complexity theme-fusion CWE-352	8.8

Vulnerabilities > Theme Fusion {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Theme Fusion"}]}

Vulnerabilities > Theme Fusion