CVE-2022-41996
Description
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation.
CWE
- CWE-352 — Cross-Site Request Forgery (CSRF)
Affected
- ThemeFusion / Avada (premium WordPress theme) — versions <= 7.8.1 [affected]
CVSS
- 3.1 score=8.8 severity=HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
- https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
- https://theme-fusion.com/documentation-assets/avada/changelog.txt
- https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
Source
cvelistV5-main/cves/2022/41xxx/CVE-2022-41996.json