Avada

avada
Theme closed

Vulnerabilities:

9

Last Updated:

January 12, 2026

Active Installs:

n/a

Published
Title
Fixed in
CVSS
Published
2024-03-20
Title
Avada < 7.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Fixed in
Fixed in 7.11.7
CVSS
6.4 (medium)
Published
2024-03-20
Title
Avada < 7.11.7 - Authenticated (Admin+) SQL Injection via entry
Fixed in
Fixed in 7.11.7
CVSS
7.2 (high)
Published
2024-03-20
Title
Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
Fixed in
Fixed in 7.11.7
CVSS
5.3 (medium)
Published
2024-03-20
Title
Avada < 7.11.7 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action
Fixed in
Fixed in 7.11.7
CVSS
6.4 (medium)
Published
2024-02-28
Title
Avada | Website Builder For WordPress & WooCommerce < 7.11.5 - Authenticated (Contributor+) Arbitrary File Upload
Fixed in
Fixed in 7.11.5
CVSS
8.8 (high)
Published
2024-01-29
Title
Avada < 7.11.2 - Subscriber+ Portfolio Permalinks Creation
Fixed in
Fixed in 7.11.2
CVSS
4.3 (medium)
Published
2024-01-29
Title
Avada < 7.11.2 - Author+ Arbitrary File Upload via Zip Extraction
Fixed in
Fixed in 7.11.2
CVSS
7.2 (high)
Published
2024-01-29
Title
Avada < 7.11.2 - Contributor+ SSRF
Fixed in
Fixed in 7.11.2
CVSS
8.5 (high)
Published
2024-01-29
Title
Avada < 7.11.2 - Contributor+ Arbitrary File Upload
Fixed in
Fixed in 7.11.2
CVSS
6.6 (medium)