| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-58922 | WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability | ThemeFusion | Avada | Medium | 4.3 | 2026-04-22 15:44:48 | Deep Dive |
| CVE-2026-1509 | Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution | themefusion | Avada (Fusion) Builder | Medium | 5.4 | 2026-04-15 01:25:18 | Deep Dive |
| CVE-2026-1541 | Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference | themefusion | Avada (Fusion) Builder | Medium | 4.3 | 2026-04-15 01:25:18 | Deep Dive |
| CVE-2026-32542 | WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability | ThemeFusion | Fusion Builder | 中危 | - | 2026-03-25 16:15:12 | Deep Dive |
| CVE-2026-32454 | WordPress Avada Core plugin < 5.15.0 - Cross Site Scripting (XSS) vulnerability | ThemeFusion | Avada Core | 中危 | - | 2026-03-13 11:42:22 | Deep Dive |
| CVE-2026-32453 | WordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerability | ThemeFusion | Avada Core | 中危 | - | 2026-03-13 11:42:22 | Deep Dive |
| CVE-2026-32452 | WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability | ThemeFusion | Fusion Builder | 中危 | - | 2026-03-13 11:42:22 | Deep Dive |
| CVE-2026-32451 | WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability | ThemeFusion | Fusion Builder | 中危 | - | 2026-03-13 11:42:21 | Deep Dive |
| CVE-2026-25472 | WordPress Fusion Builder plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability | ThemeFusion | Fusion Builder | - | - | 2026-02-19 08:27:09 | Deep Dive |
| CVE-2025-64634 | WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability | ThemeFusion | Avada | Medium | 5.3 | 2025-12-16 08:12:51 | Deep Dive |
| CVE-2025-49940 | WordPress Fusion Builder plugin <= 3.13.2 - Cross Site Scripting (XSS) vulnerability | ThemeFusion | Fusion Builder | - | - | 2025-10-22 14:32:17 | Deep Dive |
| CVE-2025-6747 | Avada (Fusion) Builder <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | themefusion | Avada (Fusion) Builder | Medium | 6.4 | 2025-07-16 06:40:43 | Deep Dive |
| CVE-2025-24748 | WordPress Avada theme <= 7.11.10 - Broken Access Control vulnerability | ThemeFusion | Avada | Medium | 5.3 | 2025-07-04 08:42:05 | Deep Dive |
| CVE-2025-1665 | Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | themefusion | Avada (Fusion) Builder | Medium | 6.4 | 2025-04-01 05:22:46 | Deep Dive |
| CVE-2024-13345 | Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution | themefusion | Avada (Fusion) Builder | High | 7.3 | 2025-02-13 06:58:05 | Deep Dive |
| CVE-2024-13346 | Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | High | 7.3 | 2025-02-13 06:58:05 | Deep Dive |
| CVE-2024-12477 | Avada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets | themefusion | Avada (Fusion) Builder | Medium | 6.4 | 2025-01-22 21:21:54 | Deep Dive |
| CVE-2024-12335 | Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure | themefusion | Avada (Fusion) Builder | Medium | 4.3 | 2024-12-25 06:42:14 | Deep Dive |
| CVE-2024-54357 | WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerability | ThemeFusion | Avada | Medium | 4.3 | 2024-12-16 15:57:53 | Deep Dive |
| CVE-2024-5628 | Avada | Website Builder For WordPress & eCommerce <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode | themefusion | Avada (Fusion) Builder | Medium | 6.4 | 2024-09-13 05:30:56 | Deep Dive |