CVE-2026-8713 | themefusion Avada Builder Plugin up to 3.15.3 on WordPress Path Validation wp-config.php maybe_delete_files privacy_expiration_action path traversal

A vulnerability was found in themefusion Avada Builder Plugin up to 3.15.3 on WordPress. It has been declared as critical. Impacted is the function maybe_delete_files of the file wp-config.php of the component Path Validation Handler. Executing a manipulation of the argument privacy_expiration_action can lead to path traversal.

This vulnerability is tracked as CVE-2026-8713. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More