Themefusion Avada
8 CVEs affecting Themefusion Avada. Latest disclosed: 2026-04-22. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-39312 | Critical | 9.1 | 2024-06-19 | Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. |
CVE-2023-39307 | High | 8.5 | 2024-03-26 | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. |
CVE-2023-39313 | High | 7.7 | 2024-03-28 | Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. |
CVE-2025-64634 | Medium | 5.3 | 2025-12-16 | Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from nā¦ |
CVE-2025-24748 | Medium | 5.3 | 2025-07-04 | Missing Authorization vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10. |
CVE-2025-58922 | Medium | 4.3 | 2026-04-22 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2. |
CVE-2024-54357 | Medium | 4.3 | 2024-12-16 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10. |
CVE-2023-39922 | Medium | 4.3 | 2024-06-19 | Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. |