2 matches found
CVE-2025-6747
CVE-2025-6747 affects the Avada (Fusion) Builder plugin for WordPress prior to and including 3.12.1. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s fusion_map shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitatio...
WordPress Fusion Builder plugin <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Fusion Builder versions = 3.12.1...