Theme-fusion Avada Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Theme-fusion Avada Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-13345 — CVSS 7.3 (high): The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This…
CVE-2024-12477 — CVSS 6.4 (medium): The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and…
CVE-2025-1665 — CVSS 6.4 (medium): The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all…
CVE-2024-12335 — CVSS 4.3 (medium): The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the…