Avada < 7.11.7 – Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing | CVE 2024-2340 | Theme Vulnerabilities

Description

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.

Proof of Concept

Access the URL: https://target-site.tld/wp-content/uploads/fusion-forms/ on sites running Avada with versions lower than 7.11.7 and that have directory browsing enabled on their webserver to have access to the files uploaded in there.

Affects Themes

Fixed in 7.11.7

Fixed in 7.11.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Muhammad Zeeshan (Xib3rR4dAr)

Verified

Yes

WPVDB ID

507e1d07-4953-4a31-81e8-80f01f971e2a

Timeline

Publicly Published

2024-03-20 (about 2 years ago)

Added

2024-03-20 (about 2 years ago)

Last Updated

2024-03-20 (about 2 years ago)

Other

Published

Title

Published

2023-04-10

Title

Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure

Published

2024-04-05

Title

Subscribe To Comments Reloaded < 240119 - Unauthenticated Sensitive Information Exposure

Published

2024-05-10

Title

Gutenify < 1.4.1 - Unauthenticated Sensitive Information Exposure

Published

2024-10-14

Title

Elementor < 3.24.6 - Contributor+ Information Exposure via get_image_alt

Published

2024-09-05

Title

AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure