WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery

WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...

WordPress Avada (Fusion) Builder plugin <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference vulnerability

Authenticated Subscriber+ Sensitive Information Exposure via Insecure Direct Object Reference vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.15.1...

CVE-2026-32542 WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeFusion Fusion Builder fusion-builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.15.0...

CVE-2026-25472

CVE-2026-25472 is a Stored XSS vulnerability in ThemeFusion Fusion Builder (WordPress plugin)

CVE-2025-49940 WordPress Fusion Builder plugin <= 3.13.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through = 3.13.2...

WordPress Fusion Page Builder : Extension – Gallery Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Fusion Page Builder : Extension Gallery versions = 1.7.6...

WordPress Avada Builder plugin <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.11.14...

WordPress Fusion plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Fusion versions = 1.6.4...

CVE-2025-31549 WordPress Fusion plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Agency Dominion Inc. Fusion fusion allows DOM-Based XSS.This issue affects Fusion: from n/a through = 1.6.4...

WordPress Fusion Builder Plugin <= 3.11.9 is vulnerable to Cross Site Scripting (XSS)

Software Fusion Builder Type Plugin Vulnerable versions = 3.11.9 Fixed in 3.11.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5628 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3ab369f1b5cb Credits wesley wcraft Required...

WordPress Fusion Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Fusion Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37962 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6e7459e0fc63 Credits savphill Required privilege Contributor Publish...

WordPress Fusion Builder Plugin <= 3.11.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Fusion Builder Type Plugin Vulnerable versions = 3.11.1 Fixed in 3.11.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39311 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 970dca7b1596 Credits Rafie Muhammad...

WordPress Fusion Builder Plugin <= 3.11.1 is vulnerable to SQL Injection

Software Fusion Builder Type Plugin Vulnerable versions = 3.11.1 Fixed in 3.11.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-39309 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID cdc92b887506 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Fusion Theme Arbitrary File Upload (CVE-2015-2194)

An unauthorized file upload vulnerability has been reported in WordPress Fusion Theme. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute...