CVE-2024-13345

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 13, 2025

Updated: Feb 24, 2025

CWE ID 94

Summary

CVE-2024-13345 is a vulnerability affecting the Avada Builder plugin for WordPress. This issue, present in all versions up to 3.11.13, allows unauthenticated attackers to execute arbitrary shortcodes due to insufficient validation of user input before the do_shortcode function is called. This vulnerability poses a significant risk, as an attacker can inject malicious code and potentially gain control of a WordPress site. Upgrading to the latest version of the plugin is strongly recommended to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ThemeFusion Avada

Affected Vendors

ThemeFusion

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2Xfh1l
https://www.cve.org/CVERecord?id=CVE-2024-13345
https://nvd.nist.gov/vuln/detail/CVE-2024-13345

Back to Vulnerability Database