CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Cvelist•added 2026/04/15 1:25 a.m.•27 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS0.00017EPSS

Exploits0References3

Vulnrichment•added 2026/04/15 1:25 a.m.•3 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

5.4CVSS6.1AI score0.00017EPSS

Exploits0References3

Positive Technologies•added 2026/04/15 12:0 a.m.•4 views

PT-2026-32994

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's output action hook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

5.4CVSS6.1AI score0.00017EPSS

Exploits0References3

ATTACKERKB•added 2022/05/02 1:12 p.m.•1 views

CVE-2022-29444

Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...

6.5CVSS5.6AI score0.0018EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by