132 matches found
WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...
CVE-2026-56008
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
CVE-2026-56008 WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
EUVD-2026-39685
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
CVE-2026-56008
CVE-2026-56008 affects WordPress Fusion Builder plugin versions
PT-2026-52739
Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A privilege escalation issue exists that allows a user with Contributor permissions to elevate their privileges. Recommendations Update to a version newer than 3.15.4...
WordPress Avada (Fusion) Builder plugin <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability
Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.3...
WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.4...
EUVD-2026-37715
Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...
CVE-2026-54193
Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...
CVE-2026-54194
Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...
CVE-2026-54193 WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability
Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...
PT-2026-50414
Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A path traversal issue allows users with the Contributor role to delete arbitrary files on the server. Recommendations Limit user roles as a temporary mitigation measure. At the moment, there...
CVE-2026-54194
CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...
CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...
PT-2026-50127
Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A PHP Object Injection issue exists in the software. This occurs when an application deserializes untrusted data, allowing an attacker to manipulate the objects created and potentially execut...
CVE-2026-1543
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.15.2...
Exploit for CVE-2026-6279
CVE-2026-6279 Avada Builder = 3.15.2 — Unauthenticated RCE v...
WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by ? in WordPress Plugin Fusion Builder versions = 3.15.2...