CVE-2026-4798 | themefusion Avada Builder Plugin up to 3.15.1 on WordPress product_order sql injection

May 13, 2026 Yanac

A vulnerability described as critical has been identified in themefusion Avada Builder Plugin up to 3.15.1 on WordPress. This affects the function product_order. Executing a manipulation can lead to sql injection.

This vulnerability appears as CVE-2026-4798. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More

CVE-2026-4782 | themefusion Avada Builder Plugin up to 3.15.2 on WordPress Shortcode fusion_get_svg_from_file custom_svg absolute path traversal
CVE-2026-41051 | SUSE openSUSE Tumbleweed prior 2.0+git.1600444747.83b3644-3.1 csync2 toctou