CVE-2017-18606

The avada theme before 5.1.5 for WordPress has stored XSS.
Source: NIST
CVE-2017-18606