Vulnerabilidades em ThemeFusion
44 resultadosCVE-2024-2340MEDIUMAvada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory ListingEPSS 28.0%CVE-2026-6279CRITICALAvada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX HandlerEPSS 2.2%CVE-2024-13346HIGHAvada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 2.1%CVE-2026-8713CRITICALAvada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry ValueEPSS 1.2%CVE-2024-1468HIGHAvada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File UploadEPSS 1.2%CVE-2024-2344HIGHAvada <= 7.11.6 - Authenticated (Admin+) SQL Injection via entryEPSS 0.8%CVE-2024-2311MEDIUMAvada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.7%CVE-2024-1668MEDIUMAvada <= 7.11.5 - Authenticated(Contributor+) Sensitive Information Exposure via Form EntriesEPSS 0.7%CVE-2020-36711MEDIUMAvada <= 6.2.2 - Authenticated (Contributor+) Cross-Site ScriptingEPSS 0.6%CVE-2023-39309HIGHWordPress Avada Builder plugin <= 3.11.1 - Auth. SQL Injection vulnerabilityEPSS 0.6%CVE-2023-39307HIGHWordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-2343MEDIUMAvada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_actionEPSS 0.5%CVE-2026-4798HIGHAvada Builder <= 3.15.1 - Unauthenticated SQL Injection via 'product_order' ParameterEPSS 0.5%CVE-2024-13345HIGHAvada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2026-12256HIGHWordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-4782MEDIUMAvada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode ParameterEPSS 0.5%CVE-2023-39312CRITICALWordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerabilityEPSS 0.5%CVE-2023-39313HIGHWordPress Avada theme <= 7.11.1 - Authenticated Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.5%CVE-2022-41996HIGHWordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.5%CVE-2023-39310MEDIUMWordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerabilityEPSS 0.4%