Themefusion Avada vulnerabilities
10 known vulnerabilities affecting themefusion/avada.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH6MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-39312P2HIGHCVSS 8.8Exploited≥ n/a, ≤ 7.11.12024-06-19
CVE-2023-39312 [HIGH] CWE-862 CVE-2023-39312: Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
nvd
CVE-2023-39307P3HIGHCVSS 8.8≥ n/a, ≤ 7.11.12024-03-26
CVE-2023-39307 [HIGH] CWE-434 CVE-2023-39307: Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affect
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
nvd
CVE-2023-39922P3HIGHCVSS 8.8≥ n/a, ≤ 7.11.12024-06-19
CVE-2023-39922 [HIGH] CWE-862 CVE-2023-39922: Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
nvd
CVE-2023-39313P3HIGHCVSS 7.7≥ n/a, ≤ 7.11.12024-03-28
CVE-2023-39313 [HIGH] CWE-918 CVE-2023-39313: Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
nvd
CVE-2022-41996P3HIGHCVSS 8.8≤ 7.8.12022-10-27
CVE-2022-41996 [HIGH] CWE-352 CVE-2022-41996: Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation.
nvd
CVE-2025-24748P4MEDIUMCVSS 5.3≤ 7.11.102025-07-04
CVE-2025-24748 [MEDIUM] CWE-862 CVE-2025-24748: Missing Authorization vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a th
Missing Authorization vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
nvd
CVE-2025-64634P4MEDIUMCVSS 5.3≤ 7.13.22025-12-16
CVE-2025-64634 [MEDIUM] CWE-862 CVE-2025-64634: Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Pr
Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.2.
nvd
CVE-2024-54357P4MEDIUMCVSS 4.3≤ 7.11.102024-12-16
CVE-2024-54357 [MEDIUM] CWE-352 CVE-2024-54357: Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada:
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
nvd
CVE-2025-58922P4MEDIUMCVSS 4.3≥ n/a, < 7.13.22026-04-22
CVE-2025-58922 [MEDIUM] CWE-352 CVE-2025-58922: Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forge
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2.
nvd
CVE-2026-12256HIGHCVSS 8.8≥ n/a, ≤ 3.15.32026-06-16
CVE-2026-12256 [HIGH] CWE-502 WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability
WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
cvelistv5