CVE-2022-41996

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
PatchstackCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
theme-fusionavada
𝑥
≤ 7.8.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://theme-fusion.com/documentation-assets/avada/changelog.txt
https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://theme-fusion.com/documentation-assets/avada/changelog.txt
https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226