CVE-2025-58922
Published 2026-04-22
CVE-2025-58922: Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery. This issue affects Avada: from n/a before 7.13.2.
Priority: P4 · 16 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.10% (1.1th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themefusion | avada | >= n/a < 7.13.2 | 7.13.2 |
GHSA
GHSA-p24m-7r2j-27vw: Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery
ghsa_unreviewed·2026-04-22
CVE-2025-58922 [MEDIUM] CWE-352 GHSA-p24m-7r2j-27vw: Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery. This issue affects Avada: from n/a before 7.13.2.
VulDB
ThemeFusion Avada Plugin up to 7.13.1 on WordPress cross-site request forgery
vuldb·2026-04-22·CVSS 4.3
CVE-2025-58922 [MEDIUM] ThemeFusion Avada Plugin up to 7.13.1 on WordPress cross-site request forgery
A vulnerability was found in ThemeFusion Avada Plugin up to 7.13.1 on WordPress. It has been classified as problematic. The affected element is an unknown function. This manipulation causes cross-site request forgery.
This vulnerability is registered as CVE-2025-58922. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-22