Vulnerabilities

Report: Complete Guide to CVE-2026-1509 - Avada (Fusion) Builder <= 3.15.1 - authenticated (subscriber+) limited arbitrary ...

2026-04-15 0 views admin
Report: Complete Guide to CVE-2026-1509 - Avada (Fusion) Builder <= 3.15.1 - authenticated (subscriber+) limited arbitrary ...

CVE ID :CVE-2026-1509 Published : 15 Apr 2026, 1:25 a.m. | 56 minutes ago Description :The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's `output_action_hook()` function accepting user-controlled input to trigger any registered WordPress action hook without proper authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary WordPress action hooks via the Dynamic Data feature, potentially leading to privilege escalation, file inclusion, denial of service, or other security impacts depending on which action hooks are available in the WordPress installation. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Affected Product: WordPress
Impact: privilege escalation

🏷️ Tags

reportcompleteguideavadafusionbuilderauthenticatedsubscriberlimitedarbitrary

More from Vulnerabilities

Report: CVE-2026-40105 - XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare funct

Report: CVE-2026-40105 - XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare funct

2026-04-15 0
Report: CVE-2026-33806 - fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content

Report: CVE-2026-33806 - fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content

2026-04-15 0
Report: CVE-2025-54550 - Apache Airflow: RCE by race condition in example_xcom dag - Guide

Report: CVE-2025-54550 - Apache Airflow: RCE by race condition in example_xcom dag - Guide

2026-04-15 0
Report: Complete Guide to CVE-2026-1541 - Avada (Fusion) Builder <= 3.15.1 - authenticated (subscriber+) sensitive informat...

Report: Complete Guide to CVE-2026-1541 - Avada (Fusion) Builder <= 3.15.1 - authenticated (subscriber+) sensitive informat...

2026-04-15 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views