Vulnerabilities > Theme Fusion > Avada > 7.11.7

DATE CVE VULNERABILITY TITLE RISK
2025-02-13 CVE-2024-13346 Code Injection vulnerability in Theme-Fusion Avada
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13.
network
low complexity
theme-fusion CWE-94
critical
 9.8
9.8
2024-12-16 CVE-2024-54357 Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10.
network
low complexity
theme-fusion CWE-352
4.3
4.3