Avada 漏洞列表
共找到 4 个与 Avada 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2024-2340: Avada < 7.11.7 - Information Disclosure POC
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. -
CVE-2024-2340: Avada < 7.11.7 - Information Disclosure POC
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. -
avada-xss: WordPress Avada Website Builder <7.4.2 - Cross-Site Scripting POC
WordPress Avada Website Builder prior to 7.4.2 contains a cross-site scripting vulnerability. The theme does not properly escape bbPress searches before outputting them back as breadcrumbs. -
WordPress plugin Avada Builder 跨站脚本漏洞 无POC
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Avada Builder 3.11.11及之前版本存在跨站脚本漏洞,该漏洞源于对用户提供的属性的输入清理和输出转义不足,容易受到存储型跨站脚本攻击。