Avada < 7.11.7 - Information Disclosure
ID: CVE-2024-2340
Severity: medium
Author: t3l3machus
Tags: cve,cve2024,wp-theme,wp,wordpress,wpscan,avada,exposure
Description

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. When the web server renders a directory listing for that path, unauthenticated attackers can enumerate and download files that visitors uploaded through an Avada-created form with a file upload field.
YAML Source

id: CVE-2024-2340

info:
  name: Avada < 7.11.7 - Information Disclosure
  author: t3l3machus
  severity: medium
  description: |
    The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
  remediation: Fixed in 7.11.7
  reference:
    - https://vulners.com/wpvulndb/WPVDB-ID:507E1D07-4953-4A31-81E8-80F01F971E2A
    - https://avada.com/documentation/avada-changelog/
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961?source=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2024-2340
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-2340
    epss-score: 0.00053
    epss-percentile: 0.21091
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2024,wp-theme,wp,wordpress,wpscan,avada,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/fusion-forms/"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - '<title>Index of [\s\S]*title>'
          - 'fusion'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022066eba409168094ed436b7e2d3bcfbd409646ee97027c4a9c177bb5353785fd0b02201026297c78ad9792b20bda3909131f8c677ae4b276d4df1c8f3c6c079dc71416:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

The template sends a single GET request to /wp-content/uploads/fusion-forms/, the directory where Avada stores files submitted through its forms, and reports a match only when all three conditions hold: the response status is 200, the body contains a directory-index title (<title>Index of ...</title>), and the body contains the string fusion. A match therefore means the web server is rendering a directory listing for the uploads folder, so anyone can enumerate and fetch the submitted files. Run the template with Nuclei against a target:

$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-2340.yaml"

Two caveats when reading results. A match is strong evidence but should be confirmed by opening the listing and checking that it actually contains user-submitted uploads before it is reported. A miss is not proof that the site is patched: the template only fires when the server renders an index page, so a site on a vulnerable Avada version that has directory listing disabled at the web server (or that returns 403 for the path) will not match. The fix recorded in the template is upgrading Avada to 7.11.7 or later.
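The matcher logic above, re-implemented as a stand-alone script so the three conditions can be exercised offline against sample responses and, optionally, run against one site without Nuclei. This is an added example and not code from the template, from Nuclei, or from Avada; the HTML bodies below are constructed for illustration, the file names in them are made up, and the helper names (matches_template, listed_files, check_site) are this example's own.

```python
"""Stand-alone re-implementation of the CVE-2024-2340 Nuclei template's
matcher logic (added example; not part of the template, Nuclei or Avada)."""
import re
import sys
import urllib.error
import urllib.request

# Path probed by the template: {{BaseURL}} + this.
FUSION_FORMS_PATH = "/wp-content/uploads/fusion-forms/"

# The template's two body regexes; both must match (condition: and).
BODY_PATTERNS = [
    re.compile(r"<title>Index of [\s\S]*title>"),
    re.compile(r"fusion"),
]


def matches_template(status: int, body: str) -> bool:
    """True when a response satisfies the template: HTTP 200 AND every
    body regex matches (matchers-condition: and)."""
    if status != 200:
        return False
    return all(p.search(body) for p in BODY_PATTERNS)


def listed_files(body: str) -> list[str]:
    """Pull file links out of an Apache/nginx style index page so an operator
    can see what is exposed. Skips sort-order links ("?C=N;O=D"), absolute
    links (Apache's parent link) and "../" (nginx's parent link). Heuristic,
    intended for triage only."""
    hrefs = re.findall(r'href="([^"]+)"', body, flags=re.IGNORECASE)
    return [h for h in hrefs if not h.startswith(("?", "/", ".."))]


def check_site(base_url: str, timeout: float = 10.0):
    """Fetch the directory and apply the matcher. This is the only network
    call in the file and is not exercised by the offline samples below.
    Returns (matched, status, files)."""
    url = base_url.rstrip("/") + FUSION_FORMS_PATH
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2024-2340-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 403/404 still carry a body
        status, body = err.code, err.read().decode("utf-8", "replace")
    matched = matches_template(status, body)
    return matched, status, (listed_files(body) if matched else [])


# Constructed sample responses (not captured from any real site).
VULNERABLE_BODY = """<html><head><title>Index of /wp-content/uploads/fusion-forms</title></head>
<body><h1>Index of /wp-content/uploads/fusion-forms</h1>
<table><tr><th><a href="?C=N;O=D">Name</a></th></tr>
<tr><td><a href="/wp-content/uploads/">Parent Directory</a></td></tr>
<tr><td><a href="3f2a9c1e_resume.pdf">3f2a9c1e_resume.pdf</a></td></tr>
<tr><td><a href="7bd04e55_id-scan.jpg">7bd04e55_id-scan.jpg</a></td></tr>
</table></body></html>"""

# Directory listing disabled at the web server: same theme, no match.
FORBIDDEN_BODY = "<html><head><title>403 Forbidden</title></head><body>Forbidden</body></html>"

# An index page for some other directory: title matches, "fusion" does not.
OTHER_LISTING_BODY = "<html><head><title>Index of /static</title></head><body></body></html>"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        matched, status, files = check_site(sys.argv[1])
        print(f"{sys.argv[1]}: status={status} matched={matched} files={files}")
    else:
        print("listing sample :", matches_template(200, VULNERABLE_BODY))
        print("403 sample     :", matches_template(403, FORBIDDEN_BODY))
        print("other dir      :", matches_template(200, OTHER_LISTING_BODY))
```

Run with a base URL as the only argument to probe one site, or with no arguments to see the matcher applied to the three constructed bodies. The 403 and "other directory" samples are the two false-negative and false-positive shapes worth keeping in mind: a server that refuses listings never matches however old the theme is, and the second regex is only the literal string fusion, which the index title itself satisfies, so the match really rests on the directory index being rendered at that path.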