CVE-2024-2340
Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
El tema Avada para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 7.11.6 incluida a través del directorio '/wp-content/uploads/fusion-forms/'. Esto hace posible que atacantes no autenticados extraigan datos confidenciales cargados a través de un formulario creado por Avada con un mecanismo de carga de archivos.
*Credits:
Muhammad Zeeshan
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-03-08 CVE Reserved
- 2024-03-20 CVE Published
- 2024-05-06 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-548: Exposure of Information Through Directory Listing
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://avada.com/documentation/avada-changelog | ||
| https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961?source=cve |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| ThemeFusion Search vendor "ThemeFusion" | Avada | Website Builder For WordPress & WooCommerce Search vendor "ThemeFusion" for product "Avada | Website Builder For WordPress & WooCommerce" | <= 7.11.6 Search vendor "ThemeFusion" for product "Avada | Website Builder For WordPress & WooCommerce" and version " <= 7.11.6" | en |
Affected
| ||||||