📦 Avada

by Theme Fusion

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-39312

CRITICAL CVSS 9.1 Jun 19, 2024

This CVE describes a missing authorization vulnerability in the Avada WordPress theme that allows authenticated users with author-level permissions to perform unrestricted ZIP file extraction. Attacke...

CVE-2022-1386

CRITICAL CVSS 9.8 May 16, 2022

This vulnerability in the Fusion Builder WordPress plugin (used by Avada theme) allows attackers to make arbitrary HTTP requests from the vulnerable server. The server-side request forgery (SSRF) flaw...

CVE-2024-13346

HIGH CVSS 7.3 Feb 13, 2025

This vulnerability allows unauthenticated attackers to execute arbitrary shortcodes in the Avada WordPress theme, potentially leading to remote code execution or data manipulation. It affects all Avad...

CVE-2024-2344

HIGH CVSS 7.2 Apr 9, 2024

The Avada WordPress theme contains a SQL injection vulnerability in the 'entry' parameter that allows authenticated attackers with editor-level permissions or higher to execute arbitrary SQL queries. ...

CVE-2024-1468

HIGH CVSS 8.8 Feb 29, 2024

The Avada WordPress theme has a vulnerability that allows authenticated attackers with contributor-level access or higher to upload arbitrary files due to missing file type validation. This can lead t...

CVE-2024-54357

MEDIUM CVSS 4.3 Dec 16, 2024

A Cross-Site Request Forgery (CSRF) vulnerability in the Avada WordPress theme allows attackers to trick authenticated administrators into performing unintended actions. This affects all Avada install...

CVE-2024-5628

MEDIUM CVSS 6.4 Sep 13, 2024

The Avada WordPress plugin has a stored XSS vulnerability in its fusion_button shortcode that allows authenticated attackers with contributor-level access or higher to inject malicious scripts into we...

CVE-2023-39922

MEDIUM CVSS 4.3 Jun 19, 2024

This CVE describes a missing authorization vulnerability in the Avada WordPress theme that allows authenticated users to perform actions they shouldn't be authorized for. It affects all Avada installa...