Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF

Sign up to our free email alerts service for instant vulnerability notifications!

Proof of Concept
http://cdn.wphutte.com/Avada/5.1.4/xss.html
http://cdn.wphutte.com/Avada/5.1.4/csrf.html

Affects

Theme
fixed in version 5.1.5

References

URL http://theme-fusion.com/avada-documentation/changelog.txt
URL http://wphutte.com/avada-5-1-4-stored-xss-and-csrf/

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter WpHutte
Submitter Website http://wphutte.com/
Submitter Twitter wphutte
Views 842
Verified No
WPVDB ID 8801

Timeline

Publicly Published 2017-04-26 (3 months ago)
Added 2017-05-02 (3 months ago)
Last Updated 2017-05-04 (3 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.