Vulnerabilities > Theme Fusion > Avada > 5.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2020-36711 | Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
2022-10-27 | CVE-2022-41996 | Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. | 8.8 |
2022-05-16 | CVE-2022-1386 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. | 9.8 |