Medium 4.3
2026-04-22< 7.13.2
CVE-2025-58922
Avada
Minimum safe version
7.13.3
Update to 7.13.3 or later to address 28 fixable vulnerabilities
⚠ 2 vulnerabilities have no fix
Medium 5.3
2025-12-16< 7.13.3
CVE-2025-64634
High 7.3
2025-02-13< 7.11.14
CVE-2024-13346
Medium 5.3
2025-07-04< 7.11.11
CVE-2025-24748
N/A Unfixed
≤ 7.11.5
WordPress Avada Theme <= 7.11.5 is vulnerable to Sensitive Data Exposure
Medium 4.3
2024-12-16< 7.11.11
CVE-2024-54357
Medium 6.5
2024-03-13< 7.11.6
CVE-2024-1668
High 7.2
2024-04-09< 7.11.7
CVE-2024-2344
Medium 6.4
2024-04-09< 7.11.7
CVE-2024-2343
Medium 5.3
2024-04-09< 7.11.7
CVE-2024-2340
Medium 5.4
2024-04-09< 7.11.7
CVE-2024-2311
High 8.8
2024-02-29< 7.11.5
CVE-2024-1468
N/A
< 7.4.2
Avada < 7.4.2 - Reflected Cross-Site Scripting
N/A
< 7.4.2
Avada < 7.4.2 - Stored Cross-Site Scripting
Medium 4.3
2024-06-19< 7.11.2
CVE-2023-39922
Critical 9.1
2024-06-19< 7.11.2
CVE-2023-39312
High 8.5
2024-03-26< 7.11.2
CVE-2023-39307
High 7.7
2024-03-28< 7.11.2
CVE-2023-39313
Medium 6.4
2023-06-07< 6.2.3
CVE-2020-36711
N/A
< 6.2.3
Avada <= 6.2.2 - Cross-Site Scripting
N/A
2021-09-10< 7.4.2
Avada <= 7.4.1 - Stored Cross-Site Scripting
N/A
2021-09-10< 7.4.2
Avada <= 7.4.1 - Reflected Cross-Site Scripting
High 8.8
2022-10-27< 7.8.2
CVE-2022-41996
Critical 9.8
2022-05-16< 7.6.2
CVE-2022-1386
N/A
2020-05-01< 6.2.3
WordPress Avada premium theme <= 6.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
N/A
2020-05-01< 6.2.3
WordPress Avada premium theme <= 6.2.2 - Arbitrary Post Creation, Edition and Deletion vulnerability
N/A Unfixed
2015-02-11< 3.4
CVE-2015-1579
N/A
2015-06-30< 3.4
CVE-2014-9735
Medium 6.1
2019-09-10< 5.1.5
CVE-2017-18606
High 8.8
2019-09-10< 5.1.5
CVE-2017-18607