Known Vulnerabilities for products from Theme-fusion
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Theme-fusion".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-64634 json | Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACL... | Not Provided | 2025-12-16 | 2026-04-01 |
| CVE-2024-54357 json | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11... | Not Provided | 2024-12-16 | 2026-04-01 |
| CVE-2024-2344 json | The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, ... | Not Provided | 2024-04-09 | 2026-04-08 |
| CVE-2024-2343 json | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in a... | Not Provided | 2024-04-09 | 2026-04-08 |
| CVE-2024-2340 json | The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 vi... | Not Provided | 2024-04-09 | 2026-04-08 |
| CVE-2024-2311 json | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to,... | Not Provided | 2024-04-09 | 2026-04-08 |
| CVE-2024-1668 json | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure i... | Not Provided | 2024-03-13 | 2026-04-08 |
| CVE-2024-1468 json | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to mi... | Not Provided | 2024-02-29 | 2026-04-08 |
| CVE-2022-41996 json | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to ... | 8.8 - HIGH | 2022-10-27 | 2022-11-01 |
| CVE-2022-1386 json | The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which c... | 9.8 - CRITICAL | 2022-05-16 | 2024-03-14 |
| CVE-2020-36711 json | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, ... | Not Provided | 2023-06-07 | 2026-04-08 |
| CVE-2017-18607 json | The avada theme before 5.1.5 for WordPress has CSRF. | 8.8 - HIGH | 2019-09-10 | 2019-09-10 |
| CVE-2017-18606 json | The avada theme before 5.1.5 for WordPress has stored XSS. | 6.1 - MEDIUM | 2019-09-10 | 2019-09-10 |
Known software with vulnerabilities from Theme-fusion
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Theme-fusion | Avada | - |