Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF



Proof of Concept
http://cdn.wphutte.com/Avada/5.1.4/xss.html
http://cdn.wphutte.com/Avada/5.1.4/csrf.html

Affects Theme

Fixed in version 5.1.5

References

CVE 2017-18607
CVE 2017-18606
URL http://theme-fusion.com/avada-documentation/changelog.txt
URL http://wphutte.com/avada-5-1-4-stored-xss-and-csrf/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter WpHutte
Submitter Website http://wphutte.com/
Submitter Twitter wphutte
Views 8690
Verified No
WPVDB ID 8801

Timeline

Publicly Published 2017-04-26 (over 2 years ago)
Added 2017-05-02 (over 2 years ago)
Last Updated 2019-09-10 (about 1 month ago)
