Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF



Proof of Concept
http://cdn.wphutte.com/Avada/5.1.4/xss.html
http://cdn.wphutte.com/Avada/5.1.4/csrf.html

Affects Theme

Fixed in version 5.1.5

References

URL: http://theme-fusion.com/avada-documentation/changelog.txt
URL: http://wphutte.com/avada-5-1-4-stored-xss-and-csrf/

Classification

Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Submitter: WpHutte
Submitter Website: http://wphutte.com/
Submitter Twitter: wphutte
Views: 5646
Verified: No
WPVDB ID: 8801

Timeline

Publicly Published: 2017-04-26 (over 2 years ago)
Added: 2017-05-02 (over 2 years ago)
Last Updated: 2018-08-29 (12 months ago)
