Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| ThemeFusion | Avada | unaffected |
|
No data.
No data.
No data available yet.
Vendor Solution
Update the WordPress Avada theme to the latest available version (at least 7.13.2).
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 22 Apr 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 22 Apr 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2. | |
| Title | WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability | |
| Weaknesses | CWE-352 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-04-22T17:19:25.055Z
Reserved: 2025-09-06T04:44:19.611Z
Link: CVE-2025-58922
Vulnrichment
Updated: 2026-04-22T17:19:12.931Z
NVD
Status : Deferred
Published: 2026-04-22T16:16:51.963
Modified: 2026-04-22T20:22:50.570
Link: CVE-2025-58922
Redhat
No data.
OpenCVE Enrichment
No data.