Medium severity5.3NVD Advisory· Published Apr 9, 2024· Updated Apr 8, 2026

CVE-2024-2340

Description

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.

Affected products

Theme Fusion/Avada
cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*
Range: <7.11.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961nvdThird Party Advisory
avada.com/documentation/avada-changelog/nvdRelease Notes

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.047
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000