Vulnerabilities > Theme Fusion > Avada > 7.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-27 | CVE-2022-41996 | Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. | 8.8 |
| 2022-05-16 | CVE-2022-1386 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. | 9.8 |