Every CVE whose affected-product data names Theme-fusion Avada, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2022-1386 — CVSS 9.8 (critical): The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used…
CVE-2023-39312 — CVSS 9.1 (critical): Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
CVE-2024-1468 — CVSS 8.8 (high): The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file…
CVE-2022-41996 — CVSS 8.8 (high): Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary…
CVE-2023-39307 — CVSS 8.5 (high): Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
CVE-2023-39313 — CVSS 7.7 (high): Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
CVE-2024-13346 — CVSS 7.3 (high): The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions…
CVE-2024-2344 — CVSS 7.2 (high): The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to…
CVE-2024-1668 — CVSS 6.5 (medium): The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up…
CVE-2024-5628 — CVSS 6.4 (medium): The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2020-36711 — CVSS 6.4 (medium): The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including…
CVE-2024-2311 — CVSS 6.4 (medium): The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and…
CVE-2024-2343 — CVSS 6.4 (medium): The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up…
CVE-2024-2340 — CVSS 5.3 (medium): The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the…
CVE-2025-64634 — CVSS 5.3 (medium): Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue…
CVE-2024-54357 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
CVE-2023-39922 — CVSS 4.3 (medium): Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.