"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10
Critical: 0
High: 0
Medium: 10

Showing 1-10 of 10 records

Threat Entry Updated 2026-04-15

CVE-2026-1509 - Builder Plugin

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's `output_action_hook()` function accepting user-controlled input to trigger any registered WordPress action hook without proper authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary WordPress action hooks via the Dynamic Data feature, potentially leading to privilege escalation, file inclusion, denial of service, or other security impacts depending on which action hooks are available in the…

PLUGIN Builder

CVE-2026-1509

MEDIUM CVSS 5.4 2026-04-15

Threat Entry Updated 2026-04-15

CVE-2026-1541 - Builder Plugin

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's `fusion_get_post_custom_field()` function failing to validate whether metadata keys are protected (underscore-prefixed). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract protected post metadata fields that should not be publicly accessible via the Dynamic Data feature's `post_custom_field` parameter.

PLUGIN Builder

CVE-2026-1541

MEDIUM CVSS 4.3 2026-04-15

Threat Entry Updated 2026-04-08

CVE-2026-1865 - Builder Plugin

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the ‘membership_ids[]’ parameter in all versions up to, and including, 5.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from…

PLUGIN Builder

CVE-2026-1865

MEDIUM CVSS 6.5 2026-04-08

Threat Entry Updated 2025-07-16

CVE-2025-6747 - Builder Plugin

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusion_map' shortcode in all versions up to, and including, 3.12.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Builder

CVE-2025-6747

MEDIUM CVSS 6.4 2025-07-16

Threat Entry Updated 2025-05-02

CVE-2025-2890 - Builder Plugin

The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Builder

CVE-2025-2890

MEDIUM CVSS 6.5 2025-04-30

Threat Entry Updated 2025-04-14

CVE-2025-1665 - Builder Plugin

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Builder

CVE-2025-1665

MEDIUM CVSS 6.4 2025-04-01

Threat Entry Updated 2025-04-14

CVE-2024-12335 - Builder Plugin

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode, due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

PLUGIN Builder

CVE-2024-12335

MEDIUM CVSS 4.3 2024-12-25

Threat Entry Updated 2025-02-07

CVE-2024-9385 - Builder Plugin

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Builder

CVE-2024-9385

MEDIUM CVSS 6.1 2024-10-05

Threat Entry Updated 2024-11-20

CVE-2024-7836 - Builder Plugin

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other users that otherwise shouldn't be accessible to them.

PLUGIN Builder

CVE-2024-7836

MEDIUM CVSS 4.3 2024-08-22

Threat Entry Updated 2025-03-17

CVE-2024-3032 - Builder Plugin

The Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue.

PLUGIN Builder

CVE-2024-3032

MEDIUM CVSS 6.1 2024-06-13