VYPR

Avada | Website Builder For WordPress & WooCommerce

by WordPress

CVEs (2)

  • CVE-2024-5628MedSep 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user…

  • CVE-2024-1668MedMar 13, 2024
    risk 0.42cvss 6.5epss 0.01

    The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to…