Filtered by vendor Theme-fusion
Subscribe
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36711 | 1 Theme-fusion | 1 Avada | 2026-06-17 | N/A | 6.4 MEDIUM |
| The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2017-18607 | 1 Theme-fusion | 1 Avada | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The avada theme before 5.1.5 for WordPress has CSRF. | |||||
| CVE-2017-18606 | 1 Theme-fusion | 1 Avada | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The avada theme before 5.1.5 for WordPress has stored XSS. | |||||