CVE-2023-39313 HIGH

CVE-2023-39313: WordPress Avada theme <= 7.11.1 - Authenticated Server Side Request Forgery (SSRF) vulnerability

Vendor Themefusion
Product Avada
Weakness CWE-918 · SSRF
Published March 28, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

Key dates

02Disclosure timeline

March 28, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-13393 Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration CVE-2026-13540 GitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request forgery CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() CVE-2025-11242 SSRF in Teknolist Computer's Okulistik