Themes Vulnerabilities

Avada < 7.4.2 - Stored Cross-Site Scripting

Description

The Avada Forms component allowed unescaped HTML form entries to be loaded on the backend.

Affects Themes

Avada
Fixed in 7.4.2

References

URL
https://theme-fusion.com/documentation/avada/installation-maintenance/avada-changelog/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Theme Fusion
Submitter
Tom van Miltenburg
Submitter website
https://www.milcraft.nl
Verified
Yes
WPVDB ID
8a05ff50-ed05-402f-a1c9-b611dff80d76

Timeline

Publicly Published
2021-09-10 (about 4 years ago)
Added
2021-09-13 (about 4 years ago)
Last Updated
2022-04-08 (about 4 years ago)

Other

Published
Title
Published
2022-05-02
Title
Check & Log email < 1.0.6 - Reflected Cross-Site Scripting
Published
2021-10-06
Title
WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting
Published
2025-11-04
Title
Ohio Extra < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-16
Title
Altima Lookbook Free for WooCommerce <= 1.1.0 - Refletced Cross-Site Scripting
Published
2020-01-19
Title
Elementor Page Builder < 2.8.4 - Cross-Site Scripting (XSS)