CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1468 – Avada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-1468
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. El Avada | El tema Website Builder para WordPress y WooCommerce para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo en la función ajax_import_options() en todas las versiones hasta la 7.11.4 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código. • https://avada.com/documentation/avada-changelog https://www.wordfence.com/threat-intel/vulnerabilities/id/cde6e758-9723-43f2-9972-32be8aeb2b91?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39922 – WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-39922
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. Vulnerabilidad de autorización faltante en ThemeFusion Avada. Este problema afecta a Avada: desde n/a hasta 7.11.1. The Avada theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 7.11.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to save Portfolio permalinks. • https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39312 – WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability
https://notcve.org/view.php?id=CVE-2023-39312
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. Vulnerabilidad de autorización faltante en ThemeFusion Avada. Este problema afecta a Avada: desde n/a hasta 7.11.1. The Avada theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation when extracting zip files in the 'process_upload' and 'regenerate_icon_files' functions in versions up to, and including, 7.11.1. This makes it possible for authenticated attackers with author permissions to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-author-unrestricted-zip-extraction-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39313 – WordPress Avada theme <= 7.11.1 - Authenticated Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-39313
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. Vulnerabilidad de Server-Side Request Forgery (SSRF) en ThemeFusion Avada. Este problema afecta a Avada: desde n/a hasta 7.11.1. The Avada theme for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 7.11.1 via the 'ajax_import_options' function. This can allow authenticated attackers with contributor privileges to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39307 – WordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-39307
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en ThemeFusion Avada. Este problema afecta a Avada: desde n/a hasta 7.11.1. The Avada theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_import_options' function in versions up to, and including, 7.11.1. This makes it possible for authenticated attackers with contributor permissions to upload arbitrary files on the affected site's server which may make remote code execution possible if they are able to successfully exploit a race condition. • https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •