Vulnerabilities > Theme Fusion > Avada > 7.9

DATE CVE VULNERABILITY TITLE RISK
2025-02-13 CVE-2024-13346 Code Injection vulnerability in Theme-Fusion Avada
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13.
network
low complexity
theme-fusion CWE-94
critical
 9.8
9.8
2024-12-16 CVE-2024-54357 Cross-Site Request Forgery (CSRF) vulnerability in Theme-Fusion Avada
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10.
network
low complexity
theme-fusion CWE-352
4.3
4.3
2024-06-19 CVE-2023-39312 Unspecified vulnerability in Theme-Fusion Avada
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
network
low complexity
theme-fusion
8.8
8.8
2024-06-19 CVE-2023-39922 Unspecified vulnerability in Theme-Fusion Avada
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
network
low complexity
theme-fusion
8.8
8.8
2024-04-09 CVE-2024-2311 Cross-site Scripting vulnerability in Theme-Fusion Avada
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
theme-fusion CWE-79
5.4
5.4
2024-03-28 CVE-2023-39313 Unspecified vulnerability in Theme-Fusion Avada
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
network
low complexity
theme-fusion
7.7
7.7
2024-03-26 CVE-2023-39307 Unspecified vulnerability in Theme-Fusion Avada
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
network
low complexity
theme-fusion
8.8
8.8