Avada 5.1.4 stored XSS and CSRF

The Avada theme has the most sales currently on ThemeForest.net with more than 300.000 sales, and they market themselves using the following lines:

"The #1 Selling Theme on the market for 4+ years"
"#1 selling theme of all time"

Being the best-selling WP theme, however, does not make…

Layer Slider 6.2.0 CSRF to XSS to SQLi with POC

The LayerSlider v6.2.0 suffers from multiple vulnerabilities:

Cross-site Request Forgery aka. CSRF

The ls_save_screen_options function does not validate the request with a nonce.

    function ls_save_screen_options() {
        $_POST['options'] = !empty($_POST['options']) ? $_POST['options'] : array();
        update_option('ls-screen-options', $_POST['options']);
        die();
    }

This function is…