| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-58922 | WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability | ThemeFusion | Avada | Medium | 4.3 | 2026-04-22 15:44:48 | Deep Dive |
| CVE-2026-1541 | Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference | themefusion | Avada (Fusion) Builder | Medium | 4.3 | 2026-04-15 01:25:18 | Deep Dive |
| CVE-2026-1509 | Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution | themefusion | Avada (Fusion) Builder | Medium | 5.4 | 2026-04-15 01:25:18 | Deep Dive |
| CVE-2026-32454 | WordPress Avada Core plugin < 5.15.0 - Cross Site Scripting (XSS) vulnerability | ThemeFusion | Avada Core | 中危 | - | 2026-03-13 11:42:22 | Deep Dive |
| CVE-2026-32453 | WordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerability | ThemeFusion | Avada Core | 中危 | - | 2026-03-13 11:42:22 | Deep Dive |
| CVE-2025-64634 | WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability | ThemeFusion | Avada | Medium | 5.3 | 2025-12-16 08:12:51 | Deep Dive |
| CVE-2025-6747 | Avada (Fusion) Builder <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | themefusion | Avada (Fusion) Builder | Medium | 6.4 | 2025-07-16 06:40:43 | Deep Dive |
| CVE-2025-24748 | WordPress Avada theme <= 7.11.10 - Broken Access Control vulnerability | ThemeFusion | Avada | Medium | 5.3 | 2025-07-04 08:42:05 | Deep Dive |
| CVE-2025-1665 | Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | themefusion | Avada (Fusion) Builder | Medium | 6.4 | 2025-04-01 05:22:46 | Deep Dive |
| CVE-2024-13345 | Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution | themefusion | Avada (Fusion) Builder | High | 7.3 | 2025-02-13 06:58:05 | Deep Dive |
| CVE-2024-13346 | Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | High | 7.3 | 2025-02-13 06:58:05 | Deep Dive |
| CVE-2024-12477 | Avada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets | themefusion | Avada (Fusion) Builder | Medium | 6.4 | 2025-01-22 21:21:54 | Deep Dive |
| CVE-2024-12335 | Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure | themefusion | Avada (Fusion) Builder | Medium | 4.3 | 2024-12-25 06:42:14 | Deep Dive |
| CVE-2024-54357 | WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerability | ThemeFusion | Avada | Medium | 4.3 | 2024-12-16 15:57:53 | Deep Dive |
| CVE-2023-39312 | WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability | ThemeFusion | Avada | Critical | 9.1 | 2024-06-19 14:23:40 | Deep Dive |
| CVE-2023-39922 | WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability | ThemeFusion | Avada | Medium | 4.3 | 2024-06-19 12:17:05 | Deep Dive |
| CVE-2024-2311 | Avada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | Medium | 6.4 | 2024-04-09 18:59:36 | Deep Dive |
| CVE-2024-2344 | Avada <= 7.11.6 - Authenticated (Admin+) SQL Injection via entry | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | High | 7.2 | 2024-04-09 18:59:22 | Deep Dive |
| CVE-2024-2340 | Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | Medium | 5.3 | 2024-04-09 18:59:07 | Deep Dive |
| CVE-2024-2343 | Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | Medium | 6.4 | 2024-04-09 18:59:04 | Deep Dive |