https://www.apetours.it - iThemes Security Site Scanner

WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 3.15.0

PatchStack

Details

CVE

2026-32542

Publicly Published: 2026-03-20
Created: 2026-03-20

WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Broken Access Control
Score:: 5.3

Fixed in Version 3.15.0

PatchStack

Details

CVE

2026-32452

Publicly Published: 2026-03-10
Created: 2026-03-13

WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Broken Access Control
Score:: 6.5

Fixed in Version 3.15.0

PatchStack

Details

CVE

2026-32451

Publicly Published: 2026-03-10
Created: 2026-03-13

WordPress Fusion Builder plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 3.14.2

PatchStack

Details

CVE

2026-25472

Publicly Published: 2026-01-15
Created: 2026-02-17

WordPress Fusion Builder plugin <= 3.13.2 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 3.13.3

PatchStack

Details

CVE

2025-49940

Publicly Published: 2025-10-03
Created: 2025-10-22

WordPress Fusion Builder plugin <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 3.12.2

PatchStack

Details

CVE

2025-6747

Publicly Published: 2025-07-16
Created: 2025-07-16

WordPress Avada Builder plugin <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 3.11.15

PatchStack

Details

CVE

2025-1665

Publicly Published: 2025-03-31
Created: 2025-03-31

WordPress Fusion Builder plugin <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Remote Code Execution (RCE)
Score:: 7.3

Fixed in Version 3.11.14

PatchStack

Details

CVE

2024-13345

Publicly Published: 2025-02-12
Created: 2025-02-12

WordPress Avada Builder plugin <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 3.11.12

PatchStack

Details

CVE

2024-12477

Publicly Published: 2025-01-22
Created: 2025-01-22

WordPress Avada Builder plugin <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Broken Access Control
Score:: 4.3

Fixed in Version 3.11.13

PatchStack

Details

CVE

2024-12335

Publicly Published: 2024-12-24
Created: 2024-12-24

WordPress Avada | Website Builder For WordPress & eCommerce plugin <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 3.11.10

PatchStack

Details

CVE

2024-5628

Publicly Published: 2024-09-13
Created: 2024-09-13

WordPress Avada Builder plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 3.11.2

PatchStack

Details

CVE

2023-39306

Publicly Published: 2023-08-10
Created: 2023-08-11

WordPress Avada Builder plugin <= 3.11.1 - Cross Site Request Forgery (CSRF) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Request Forgery (CSRF)
Score:: 7.1

Fixed in Version 3.11.2

PatchStack

Details

CVE

2023-39311

Publicly Published: 2023-08-10
Created: 2023-08-16

WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Broken Access Control
Score:: 5.4

Fixed in Version 3.11.2

PatchStack

Details

CVE

2023-39310

Publicly Published: 2023-08-10
Created: 2023-08-17

WordPress Avada Builder plugin <= 3.11.1 - Authenticated SQL Injection vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: SQL Injection
Score:: 8.5

Fixed in Version 3.11.2

PatchStack

Details

CVE

2023-39309

Publicly Published: 2023-08-10
Created: 2023-08-10