WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

Themes Vulnerabilities

Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF

Description

The Avada WordPress theme was affected by a Stored Cross-Site Scripting (XSS) & CSRF  security vulnerability.

Proof of Concept

http://cdn.wphutte.com/Avada/5.1.4/xss.html
http://cdn.wphutte.com/Avada/5.1.4/csrf.html

Affects Themes

Avada
Fixed in version 5.1.5

References

CVE
CVE-2017-18607
CVE
CVE-2017-18606
URL
http://wphutte.com/avada-5-1-4-stored-xss-and-csrf/
URL
http://theme-fusion.com/avada-documentation/changelog.txt
URL
https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter

WpHutte

Submitter website
http://wphutte.com/
Submitter twitter
wphutte
Verified

No

WPVDB ID
acad98b6-510e-47df-a264-b1412330ebec

Timeline

Publicly Published

2017-04-26 (about 5 years ago)

Added

2017-05-02 (about 5 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin