Volerion logoVolerion
Volerion logoVolerion

ThemeFusion Avada Missing Authorization Vulnerability Allowing Broken Access Control

Vulnerability

A missing authorization vulnerability has been identified in the ThemeFusion Avada WordPress theme, specifically in versions through 7.13.1. This vulnerability allows users to access functionalities that are not properly restricted by access control lists (ACLs), leading to broken access control issues.

Impact

Exploitation of this vulnerability could result in unauthorized access to restricted functionalities, allowing users to perform actions or access data they should not be able to.

Added: Dec 16, 2025, 9:44 AM
Updated: Dec 16, 2025, 2:55 PM

Vulnerability Rating

Custom Algorithm
spread
6.4
impact
0.6
exploitability
6.8
remediation
0.0
relevance
1.6
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.