CVE-2022-41996 - Vulnerability Details

Vendors	Products
Theme-fusion	Avada

Link	Providers
https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://theme-fusion.com/documentation-assets/avada/changelog.txt
https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41996", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "datePublished": "2022-10-27T16:51:42.567Z", "dateUpdated": "2025-02-20T19:58:04.580Z", "dateReserved": "2022-10-19T00:00:00.000Z"}, "containers": {"cna": {"title": "WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability", "datePublic": "2022-10-20T00:00:00.000Z", "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2022-10-27T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation."}], "affected": [{"vendor": "ThemeFusion", "product": "Avada (premium WordPress theme)", "versions": [{"version": "<= 7.8.1", "status": "affected", "lessThanOrEqual": "7.8.1", "versionType": "custom"}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}, {"url": "https://theme-fusion.com/documentation-assets/avada/changelog.txt"}, {"url": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226"}], "credits": [{"lang": "en", "value": "Vulnerability discovered by Dave Jong (Patchstack)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Update to 7.8.2 or higher version."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:39.270Z"}, "title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["x_transferred"]}, {"url": "https://theme-fusion.com/documentation-assets/avada/changelog.txt", "tags": ["x_transferred"]}, {"url": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-20T19:17:22.483793Z", "id": "CVE-2022-41996", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T19:58:04.580Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2022-41996 (string)

assignerOrgId : 21595511-bba5-4825-b968-b78d1f9984a3 (string)

assignerShortName : Patchstack (string)

datePublished : 2022-10-27T16:51:42.567Z (string)

dateUpdated : 2025-02-20T19:58:04.580Z (string)

dateReserved : 2022-10-19T00:00:00.000Z (string)

}

containers : { »

cna : { »

title : WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability (string)

datePublic : 2022-10-20T00:00:00.000Z (string)

providerMetadata : { »

orgId : 21595511-bba5-4825-b968-b78d1f9984a3 (string)

shortName : Patchstack (string)

dateUpdated : 2022-10-27T00:00:00.000Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. (string)

}

]

affected : [ »

0 : { »

vendor : ThemeFusion (string)

product : Avada (premium WordPress theme) (string)

versions : [ »

0 : { »

version : <= 7.8.1 (string)

status : affected (string)

lessThanOrEqual : 7.8.1 (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve (string)

}

1 : { »

url : https://theme-fusion.com/documentation-assets/avada/changelog.txt (string)

}

2 : { »

url : https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226 (string)

}

]

credits : [ »

0 : { »

lang : en (string)

value : Vulnerability discovered by Dave Jong (Patchstack) (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

version : 3.1 (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

attackVector : NETWORK (string)

attackComplexity : LOW (string)

privilegesRequired : NONE (string)

userInteraction : REQUIRED (string)

scope : UNCHANGED (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

lang : en (string)

description : CWE-352 Cross-Site Request Forgery (CSRF) (string)

cweId : CWE-352 (string)

}

]

}

]

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

source : { »

discovery : EXTERNAL (string)

}

solutions : [ »

0 : { »

lang : en (string)

value : Update to 7.8.2 or higher version. (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T12:56:39.270Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://theme-fusion.com/documentation-assets/avada/changelog.txt (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-02-20T19:17:22.483793Z (string)

id : CVE-2022-41996 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-20T19:58:04.580Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["x_transferred"]}, {"url": "https://theme-fusion.com/documentation-assets/avada/changelog.txt", "tags": ["x_transferred"]}, {"url": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:39.270Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-20T19:17:22.483793Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T19:17:24.529Z"}}], "cna": {"title": "WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Vulnerability discovered by Dave Jong (Patchstack)"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ThemeFusion", "product": "Avada (premium WordPress theme)", "versions": [{"status": "affected", "version": "<= 7.8.1", "versionType": "custom", "lessThanOrEqual": "7.8.1"}]}], "solutions": [{"lang": "en", "value": "Update to 7.8.2 or higher version."}], "datePublic": "2022-10-20T00:00:00.000Z", "references": [{"url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}, {"url": "https://theme-fusion.com/documentation-assets/avada/changelog.txt"}, {"url": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2022-10-27T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41996", "state": "PUBLISHED", "dateUpdated": "2025-02-20T19:58:04.580Z", "dateReserved": "2022-10-19T00:00:00.000Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2022-10-27T16:51:42.567Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://theme-fusion.com/documentation-assets/avada/changelog.txt (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T12:56:39.270Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-41996 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-02-20T19:17:22.483793Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-20T19:17:24.529Z (string)

}

]

cna : { »

title : WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability (string)

source : { »

discovery : EXTERNAL (string)

}

credits : [ »

0 : { »

lang : en (string)

value : Vulnerability discovered by Dave Jong (Patchstack) (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 8.8 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : HIGH (string)

}

]

affected : [ »

0 : { »

vendor : ThemeFusion (string)

product : Avada (premium WordPress theme) (string)

versions : [ »

0 : { »

status : affected (string)

version : <= 7.8.1 (string)

versionType : custom (string)

lessThanOrEqual : 7.8.1 (string)

}

]

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Update to 7.8.2 or higher version. (string)

}

]

datePublic : 2022-10-20T00:00:00.000Z (string)

references : [ »

0 : { »

url : https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve (string)

}

1 : { »

url : https://theme-fusion.com/documentation-assets/avada/changelog.txt (string)

}

2 : { »

url : https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226 (string)

}

]

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-352 (string)

description : CWE-352 Cross-Site Request Forgery (CSRF) (string)

}

]

}

]

providerMetadata : { »

orgId : 21595511-bba5-4825-b968-b78d1f9984a3 (string)

shortName : Patchstack (string)

dateUpdated : 2022-10-27T00:00:00.000Z (string)

}

cveMetadata : { »

cveId : CVE-2022-41996 (string)

state : PUBLISHED (string)

dateUpdated : 2025-02-20T19:58:04.580Z (string)

dateReserved : 2022-10-19T00:00:00.000Z (string)

assignerOrgId : 21595511-bba5-4825-b968-b78d1f9984a3 (string)

datePublished : 2022-10-27T16:51:42.567Z (string)

assignerShortName : Patchstack (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "04ECBF66-134A-4545-89BC-09C64974FBD3", "versionEndIncluding": "7.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el tema premium del ThemeFusion Avada en versiones &lt;= 7.8.1 en WordPress, lo que provoca la instalaci\u00f3n/activaci\u00f3n arbitraria de complementos."}], "id": "CVE-2022-41996", "lastModified": "2024-11-21T07:24:14.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-27T17:15:10.650", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}, {"source": "audit@patchstack.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://theme-fusion.com/documentation-assets/avada/changelog.txt"}, {"source": "audit@patchstack.com", "tags": ["Product"], "url": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://theme-fusion.com/documentation-assets/avada/changelog.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:* (string)

matchCriteriaId : 04ECBF66-134A-4545-89BC-09C64974FBD3 (string)

versionEndIncluding : 7.8.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el tema premium del ThemeFusion Avada en versiones <= 7.8.1 en WordPress, lo que provoca la instalación/activación arbitraria de complementos. (string)

}

]

id : CVE-2022-41996 (string)

lastModified : 2024-11-21T07:24:14.280 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : audit@patchstack.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-10-27T17:15:10.650 (string)

references : [ »

0 : { »

source : audit@patchstack.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve (string)

}

1 : { »

source : audit@patchstack.com (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://theme-fusion.com/documentation-assets/avada/changelog.txt (string)

}

2 : { »

source : audit@patchstack.com (string)

tags : [ »

0 : Product (string)

]

url : https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://theme-fusion.com/documentation-assets/avada/changelog.txt (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Product (string)

]

url : https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226 (string)

}

]

sourceIdentifier : audit@patchstack.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : audit@patchstack.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object