CVE-2024-1668

MEDIUM

Avada | Website Builder For WordPress & WooCommerce <7.11.5 - Info ...

Title source: llm

Description

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's "password" field).

References (2)

Core 2

Core References

Third Party Advisory

https://gist.github.com/Xib3rR4dAr/91bd37338022b15379f393356d1056a1

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/cd224169-ae51-4af8-b6de-706ed580ff8d?source=cve

Scores

CVSS v3 6.5

EPSS 0.0066

EPSS Percentile 46.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (2)

theme-fusion/avada < 7.11.6

ThemeFusion/Avada | Website Builder For WordPress & WooCommerce < 7.11.5

Published Mar 13, 2024

Tracked Since Feb 18, 2026