themefusion
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting themefusion.
- CVE-2026-8713Avada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value9.1
- CVE-2026-54193WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability7.7
- CVE-2026-54194WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability9.8
- CVE-2026-6279Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler9.8
- CVE-2026-4782Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter6.5
- CVE-2026-4798Avada Builder <= 3.15.1 - Unauthenticated SQL Injection via 'product_order' Parameter7.5
- CVE-2025-24748WordPress Avada theme <= 7.11.10 - Broken Access Control vulnerability5.3
- CVE-2025-1665Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-13345Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution7.3
- CVE-2024-13346Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution7.3
- CVE-2024-12477Avada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets6.4
- CVE-2024-12335Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure4.3
- CVE-2024-5628Avada | Website Builder For WordPress & eCommerce <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode6.4
- CVE-2023-39312WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability9.1
- CVE-2023-39310WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability5.4