Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

avada

Source -

ADPNVD

BOS Name -

Avada (ThemeFusion)

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated ProductsRelated AssignersReports
2Vulnerabilities found
CVE-2023-39311
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 39.19%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:29
Updated-13 May, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Avada Builder plugin <= 3.11.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.

Action-Not Available
Vendor-avadaAvada (ThemeFusion)
Product-fusion_builderFusion Builderfusion_builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1468
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-3.61% / 87.33%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 03:30
Updated-05 Feb, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-n/aAvada (ThemeFusion)
Product-avadaAvada | Website Builder For WordPress & WooCommercewebsite_builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type