5 matches found
CVE-2026-4782
The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...
EUVD-2026-29933
The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...
CVE-2026-4782
The Wordfence-disclosed analysis confirms CVE-2026-4782 affects Avada Builder (Fusion Builder)
CVE-2026-4790
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-4790
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...