Avada

Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing vulnerability <= 7.11.6

Authenticated (Admin+) SQL Injection via entry vulnerability <= 7.11.6

Authenticated (Contributor+) ServerSide Request Forgery via form_to_url_action vulnerability <= 7.11.6

Authenticated (Contributor+) Stored CrossSite Scripting via Shortcode vulnerability <= 7.11.6

Authenticated(Contributor+) Sensitive Information Exposure via Form Entries vulnerability <= 7.11.5