Vulnerabilidades en ThemeFusion
44 resultadosCVE-2026-54194CRITICALWordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2024-12335MEDIUMAvada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post DisclosureEPSS 0.4%CVE-2026-1543MEDIUMAvada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple ShortcodesEPSS 0.3%CVE-2026-54193HIGHWordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerabilityEPSS 0.3%CVE-2023-39306HIGHWordPress Avada Builder plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2026-1509MEDIUMAvada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action ExecutionEPSS 0.3%CVE-2023-39922MEDIUMWordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-5628MEDIUMAvada | Website Builder For WordPress & eCommerce <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button ShortcodeEPSS 0.3%CVE-2026-1541MEDIUMAvada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object ReferenceEPSS 0.3%CVE-2025-1665MEDIUMAvada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-24748MEDIUMWordPress Avada theme <= 7.11.10 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-39311HIGHWordPress Avada Builder plugin <= 3.11.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-12477MEDIUMAvada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple WidgetsEPSS 0.2%CVE-2025-64634MEDIUMWordPress Avada theme <= 7.13.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-49940MEDIUMWordPress Fusion Builder plugin <= 3.13.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-6747MEDIUMAvada (Fusion) Builder <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.2%CVE-2026-32452MEDIUMWordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32453MEDIUMWordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-54357MEDIUMWordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-32451MEDIUMWordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerabilityEPSS 0.2%