Product
theme fusion avada
21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-64634
CVE-2024-13346
CVE-2024-54357
CVE-2024-5628
CVE-2023-39312
CVE-2023-39922
CVE-2024-2344
CVE-2024-2343
CVE-2024-2340
CVE-2024-2311
CVE-2023-39309
CVE-2023-39313
CVE-2023-39311
CVE-2023-39307
CVE-2024-1668
CVE-2024-1468
CVE-2020-36711
CVE-2022-41996
CVE-2022-1386
CVE-2017-18607
CVE-2017-18606
<= 7.13.1
Missing Authorization vulnerability in ThemeFusion Avada allows Accessing Functionality Not Properly Constrained by ACLs.Thi
< 7.11.14
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all
< 7.11.11
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
< 7.11.9
The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
< 7.11.2
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
< 7.11.2
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
< 7.11.7
The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.
< 7.11.7
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all ve
< 7.11.7
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the
< 7.11.7
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and
<= 3.11.1
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.T
< 7.11.2
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
<= 3.11.1
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through
< 7.11.2
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11
< 7.11.6
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in ver
< 7.11.5
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing
<= 6.2.3
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and i
<= 7.8.1
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbit
< 7.6.2
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could
< 5.1.5
The avada theme before 5.1.5 for WordPress has CSRF.
< 5.1.5
The avada theme before 5.1.5 for WordPress has stored XSS.