The Avada WordPress theme is vulnerable to a security issue called Reflected Cross-Site Scripting. It affects versions up to and including 7.4.1. This means that if someone can get a user to click on a link, they can inject malicious scripts into the page. To protect against this, Avada needs to improve the way that it sanitizes input and escapes output.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
