CVE-2024-54357
WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerabilityCross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10.
We have discovered 108,707 live websites that are affected by CVE-2024-54357.
Affected Software
| Product |  Avada |
| Category | Wordpress Themes |
| Vulnerable Domains | 108,707 live websites (65% of Avada install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 122 versions ( 92% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - Dec 16, 2024
- Updated - Dec 16, 2024
Credits
- Ananda Dhakal (Patchstack) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-54357 United States | 32,336 websites |
 Germany | 14,176 websites |
 Italy | 6,640 websites |
 GB | 5,887 websites |
 France | 5,865 websites |
 Netherlands | 4,392 websites |
 Spain | 4,318 websites |
 Canada | 2,664 websites |
 Australia | 2,162 websites |
 Poland | 1,711 websites |
Website Distribution by TLD
Number of websites using CVE-2024-54357| .com | 44,289 websites |
| .de | 9,002 websites |
| .org | 4,856 websites |
| .it | 4,582 websites |
| .nl | 4,001 websites |
| .co.uk | 3,937 websites |
| .fr | 2,387 websites |
| .com.au | 2,086 websites |
| .net | 1,993 websites |
| .es | 1,818 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-54357
Top websites that are affected by CVE-2024-54357. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.**.za |  South Africa | *,*** | |
| ************.com | Germany | **,*** | |
| ************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ******************.org | United States | **,*** | |
| ***********.***.de | Germany | **,*** | |
| ***********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| **************.org | United States | **,*** | |
| **********.com | United States | **,*** |
FAQ
CVE-2024-54357 is Cross-Site Request Forgery (CSRF) in Avada
A total of 108,707 websites have been identified as vulnerable to CVE-2024-54357, based on global website indexing conducted by WebTechSurvey.
The Avada is affected by the CVE-2024-54357 vulnerability.
Avada versions up to and including 7.11.10 are vulnerable to CVE-2024-54357.