CVE-2024-13346

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 13, 2025

Updated: Feb 24, 2025

CWE ID 94

Summary

CVE-2024-13346 is a vulnerability affecting the Avada | Website Builder For WordPress & WooCommerce theme for WordPress. The issue, present in all versions up to 7.11.13, allows unauthenticated attackers to execute arbitrary shortcodes. This arises from the theme's failure to sufficiently validate user input before processing do_shortcode. Consequently, attackers can inject and execute malicious code, potentially leading to site takeover or data exfiltration. Users are urged to update to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ThemeFusion Avada

Affected Vendors

ThemeFusion

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2XlUM0
https://www.cve.org/CVERecord?id=CVE-2024-13346
https://nvd.nist.gov/vuln/detail/CVE-2024-13346

Back to Vulnerability Database