CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

344 matches found

Nuclei•added 3 days ago•46 views

WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery

WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...

9.8CVSS7.4AI score0.9361EPSS

Exploits6References5

Nuclei•added 3 days ago•127 views

Avada < 7.11.7 - Information Disclosure

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...

5.3CVSS7.3AI score0.58179EPSS

Exploits1References4

Patchstack•added 2026/05/25 7:45 a.m.•9 views

WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.15.2...

6.4CVSS5.8AI score0.00011EPSS

Exploits0References1Affected Software1

GithubExploit•added 2026/05/23 9:33 a.m.•65 views

Exploit for CVE-2026-6279

CVE-2026-6279 Avada Builder = 3.15.2 — Unauthenticated RCE v...

9.8CVSS5.8AI score0.00138EPSS

GithubExploit•added 2026/05/23 6:36 a.m.•63 views

Exploit for CVE-2026-6279

CVE-2026-6279 CVE-2026-6279: Avada Fusion Builder = 3.15...

9.8CVSS6.2AI score0.00138EPSS

NVD•added 2026/05/21 5:16 a.m.•10 views

CVE-2026-6279

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS0.00138EPSS

Exploits2References12

NVD•added 2026/05/21 5:16 a.m.•9 views

CVE-2026-1543

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00011EPSS

Exploits0References3

Cvelist•added 2026/05/21 4:28 a.m.•36 views

CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00011EPSS

Exploits0References3

CVE•added 2026/05/21 4:28 a.m.•11 views

CVE-2026-1543

CVE-2026-1543 concerns the Avada (Fusion) Builder WordPress plugin. All versions up to and including 3.15.2 are affected by a Stored Cross-Site Scripting (XSS) flaw due to insufficient input sanitization and output escaping. The vulnerability can be exploited by an authenticated attacker with Sub...

6.4CVSS6AI score0.00011EPSS

Exploits0References3

ATTACKERKB•added 2026/05/21 4:28 a.m.•9 views

CVE-2026-1543

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00011EPSS

Exploits0References4

EUVD•added 2026/05/21 4:28 a.m.•7 views

EUVD-2026-31211

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00011EPSS

Exploits0References3

Vulnrichment•added 2026/05/21 4:28 a.m.•6 views

CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00011EPSS

Exploits0References3

CVE•added 2026/05/21 4:27 a.m.•19 views

CVE-2026-6279

The CVE-2026-6279 entry identifies a vulnerability in the Avada Builder (fusion-builder) WordPress plugin up to version 3.15.2. The root cause is a PHP function injection flaw in Fusion_Builder_Conditional_Render_Helper::get_value(), where attacker-controlled data from a base64-decoded JSON blob ...

9.8CVSS6.3AI score0.00138EPSS

Exploits2References12

Vulnrichment•added 2026/05/21 4:27 a.m.•7 views

CVE-2026-6279 Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS6.3AI score0.00138EPSS

Exploits2References12

Cvelist•added 2026/05/21 4:27 a.m.•35 views

CVE-2026-6279 Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS0.00138EPSS

Exploits2References12

EUVD•added 2026/05/21 4:27 a.m.•10 views

EUVD-2026-31209

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS6.3AI score0.00138EPSS

Exploits2References12

ATTACKERKB•added 2026/05/21 4:27 a.m.•10 views

CVE-2026-6279

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS6.3AI score0.00138EPSS

Exploits2References13

CNNVD•added 2026/05/21 12:0 a.m.•4 views

WordPress plugin Avada (Fusion) Builder 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.1AI score0.00138EPSS

Exploits2References1

Positive Technologies•added 2026/05/21 12:0 a.m.•11 views

PT-2026-42396

Name of the Vulnerable Software and Affected Versions Avada Builder fusion-builder versions prior to 3.15.3 Description The Avada Builder plugin for WordPress allows unauthenticated remote code execution through PHP Function Injection. The issue occurs because the wp conditional tags case within...

9.8CVSS6.4AI score0.00138EPSS

Exploits2References18

CNNVD•added 2026/05/21 12:0 a.m.•4 views

WordPress plugin Avada (Fusion) Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00011EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by