CVE-2024-13346

Name of the Vulnerable Software and Affected Versions Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to, and including, 7.11.13

Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution. This is due to the software allowing users to execute an action that does not properly validate a value before running do shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Recommendations For versions up to, and including, 7.11.13, update to a version later than 7.11.13 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.