Themes Vulnerabilities

2022-10-20

Avada < 7.8.2 - Arbitrary Plugin Instalation/Activation via CRSF

Fixed in version 7.8.2

2022-04-19

Fusion Builder < 3.6.2 - Unauthenticated SSRF

Fixed in version 7.6.2

2021-09-13

Avada < 7.4.2 - Reflected Cross-Site Scripting

Fixed in version 7.4.2

2021-09-10

Avada < 7.4.2 - Stored Cross-Site Scripting

Fixed in version 7.4.2

2020-05-01

Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post Creation, Edition, Deletion and Stored XSS

Fixed in version 6.2.3

2017-04-26

Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF

Fixed in version 5.1.5

2015-02-11

WordPress Slider Revolution - Local File Disclosure

Fixed in version 3.4

2014-11-30

WordPress Slider Revolution Shell Upload

Fixed in version 3.4