Themefusion Avada | Website Builder For Wordpress & Woocommerce
8 CVEs affecting Themefusion Avada | Website Builder For Wordpress & Woocommerce. Latest disclosed: 2025-02-13. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1468 | High | 8.8 | 2024-02-29 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the… |
CVE-2024-13346 | High | 7.3 | 2025-02-13 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including… |
CVE-2024-2344 | High | 7.2 | 2024-04-09 | The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escapin… |
CVE-2024-1668 | Medium | 6.5 | 2024-03-13 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.1… |
CVE-2024-2311 | Medium | 6.4 | 2024-04-09 | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insu… |
CVE-2024-2343 | Medium | 6.4 | 2024-04-09 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including… |
CVE-2020-36711 | Medium | 6.4 | 2023-06-07 | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insuff… |
CVE-2024-2340 | Medium | 5.3 | 2024-04-09 | The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-… |