High severity8.8NVD Advisory· Published Oct 27, 2022· Updated Jun 17, 2026
CVE-2022-41996
CVE-2022-41996
Description
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ThemeFusion/Avada (premium WordPress theme)v5Range: <= 7.8.1
Patches
Vulnerability mechanics
References
3- patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerabilitynvdThird Party Advisory
- theme-fusion.com/documentation-assets/avada/changelog.txtnvdRelease NotesVendor Advisory
- themeforest.net/item/avada-responsive-multipurpose-theme/2833226nvdProduct
News mentions
0No linked articles in our index yet.