Donweb Media3d ago

CVE-2026-4798: Avada Builder expone 1 millón de sitios

CVE-2026-4798 expone 1 millón de sitios WordPress a robo de credenciales vía Avada Builder. ¿Tu sitio usó WooCommerce alguna vez? Verificá ahora y actua...

https://seguridadenwordpress.com/cve-2026-4798-avada-builder-sql-injection-wordpress/

#cve20264798 #avadabuilder #sqlinjection #wordfence #wordpressvulnerabilidades

CVE-2026-4798: Avada Builder expone 1 millón de sitios - Seguridad en Wordpress

CVE-2026-4798 es una SQL injection sin autenticación en Avada Builder que afecta hasta la versión 3.15.1. Si WooCommerce alguna vez estuvo activo, tu sitio está en riesgo.

Seguridad en Wordpress
Daniel Marsh4d ago

Two severe vulnerabilities, CVE-2026-4782 (arbitrary file read) and CVE-2026-4798 (unauthenticated SQL injection), have been discovered in the Avada Builder WordPress plugin by Wordfence. These flaws could allow attackers to steal database credentials and compromise your entire site, even with low-privilege access or, in one case, no authentication at all. Update to Avada Builder 3.15.3 or…

https://www.tpp.blog/1rptbbe

#cybersecurity #avadabuilder #wordpress

🤖 This post was AI-generated.

The New Oil5d ago

#AvadaBuilder #WordPress plugin flaws allow site credential theft

https://www.bleepingcomputer.com/news/security/avada-builder-wordpress-plugin-flaws-allow-site-credential-theft/

#cybersecurity

Avada Builder WordPress plugin flaws allow site credential theft

Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database.

BleepingComputer
Analyst2076d ago

Avada Builder Flaws Expose WordPress Sites to Credential Theft

A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.

https://osintsights.com/avada-builder-flaws-expose-wordpress-sites-to-credential-theft?utm_source=mastodon&utm_medium=social

#Wordpress #AvadaBuilder #CredentialTheft #ArbitraryFileRead #SqlInjection

Avada Builder Flaws Expose WordPress Sites to Credential Theft

Protect your WordPress site from credential theft by learning about Avada Builder flaws and taking immediate action to secure your installation now.

OSINTSights
Donweb MediaMay 14

Avada Builder: 2 vulnerabilidades críticas en 1M de sitios

¿Tu sitio tiene Avada Builder sin actualizar? Las CVE-2026-4798 y CVE-2026-4782 exponen 1 millón de WordPress a SQL injection y robo de wp-config. Actua...

https://seguridadenwordpress.com/avada-builder-vulnerabilidad-wordpress-cve-2026-4798/

#avadabuilder #cve20264798 #inyecciónsql #wordpressseguridad #fusionbuilder

Avada Builder: 2 vulnerabilidades críticas en 1M de sitios - Seguridad en Wordpress

Dos vulnerabilidades críticas en Avada Builder afectan más de un millón de sitios WordPress. El parche completo es la versión 3.15.3, disponible desde el 12 de mayo de 2026.

Seguridad en Wordpress
Analyst207May 13

Avada Builder Flaws Put 1 Million WordPress Sites at Risk

Two newly discovered flaws in the Avada Builder plugin have put a staggering 1 million WordPress sites at risk, allowing hackers to exploit vulnerabilities and access sensitive server files. This critical security threat highlights the urgent need for site owners to take action and protect their online presence.

https://osintsights.com/avada-builder-flaws-put-1-million-wordpress-sites-at-risk?utm_source=mastodon&utm_medium=social

#Wordpress #AvadaBuilder #Cve20264782 #ArbitraryFileRead #PluginVulnerabilities

Avada Builder Flaws Put 1 Million WordPress Sites at Risk

Protect your WordPress site from Avada Builder flaws affecting 1 million sites. Learn how to secure your site now and prevent exploitation of CVE-2026-4782 vulnerability.

OSINTSights