Lucene search
K

361 matches found

Patchstack
Patchstack
added 2026/05/13 10:40 a.m.10 views

WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Fusion Builder versions = 3.15.2...

6.5CVSS5.8AI score0.00473EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/13 9:26 a.m.28 views

CVE-2026-4782

The Wordfence-disclosed analysis confirms CVE-2026-4782 affects Avada Builder (Fusion Builder)

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/13 9:26 a.m.50 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS0.00473EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:26 a.m.6 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/13 9:26 a.m.13 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/13 9:26 a.m.25 views

EUVD-2026-29933

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/13 9:26 a.m.10 views

EUVD-2026-29934

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:26 a.m.8 views

CVE-2026-4798

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 9:26 a.m.29 views

CVE-2026-4798

The connected sources confirm CVE-2026-4798 affects Avada Builder for WordPress

7.5CVSS5.9AI score0.00511EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 9:26 a.m.50 views

CVE-2026-4798 Avada Builder <= 3.15.1 - Unauthenticated SQL Injection via 'product_order' Parameter

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.00511EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 9:26 a.m.11 views

CVE-2026-4798 Avada Builder <= 3.15.1 - Unauthenticated SQL Injection via 'product_order' Parameter

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40583

Name of the Vulnerable Software and Affected Versions Avada Builder versions prior to 3.15.3 Description An arbitrary file read issue exists in the Avada Builder plugin for WordPress. Authenticated attackers with Subscriber-level access or higher can read arbitrary files on the server, potentiall...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

WordPress plugin Avada Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40584

Name of the Vulnerable Software and Affected Versions Avada Builder versions prior to 3.15.2 Description The Avada Builder plugin for WordPress contains a time-based SQL Injection, a technique where an attacker sends queries that cause the database to pause for a specific duration to determine if...

7.5CVSS5.8AI score0.00511EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

WordPress plugin Avada Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References1
Wordfence Blog
Wordfence Blog
added 2026/05/12 9:19 p.m.12 views

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...

7.5CVSS6.5AI score0.00511EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2026/04/30 12:0 a.m.8 views

Avada < 7.13.2 - Cross-Site Request Forgery

Description The Avada theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 7.13.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted...

4.3CVSS5.1AI score0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 1:38 a.m.5 views

CVE-2025-58922

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

4.3CVSS5.1AI score0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:31 p.m.7 views

EUVD-2026-22820

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS6.1AI score0.0031EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 9:31 p.m.10 views

EUVD-2026-22822

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

4.3CVSS5.7AI score0.00269EPSS
Exploits0References3
Rows per page
Query Builder