Fusion Builder
CVE-2022-1386
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
AnalysisAI
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures. Affected products include: Fusion Builder Project Fusion Builder, Theme-Fusion Avada. Version information: before 3.6.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
More in Fusion Builder
View allPHP Object Injection in the ThemeFusion Fusion Builder WordPress plugin (versions ≤ 3.15.4) allows authenticated users w
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion
Arbitrary file deletion in the Fusion Builder WordPress plugin (versions <= 3.15.4) allows authenticated users with Cont
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.11.1. Rated high severity (CVSS 7.1), this
A Reflected Cross-Site Scripting (XSS) vulnerability exists in ThemeFusion Fusion Builder, a WordPress page builder plug
Fusion Builder, a WordPress plugin by ThemeFusion, contains a missing authorization vulnerability (CWE-862) that allows
This vulnerability is a missing authorization flaw in ThemeFusion Fusion Builder that allows unauthenticated attackers t
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today