What is the CVSS score of EUVD-2026-12003?

EUVD-2026-12003 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Fusion Builder are affected by EUVD-2026-12003?

CVE-2026-32452 presents moderate security risk, a missing authorization vulnerability rated CVSS 5.3. Attackers could gain access beyond their authorized level.. A patch is available.

Fusion Builder EUVD-2026-12003

Q: How to fix or mitigate EUVD-2026-12003?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

| CVE-2026-32452 MEDIUM

Missing Authorization (CWE-862)

2026-03-13 Patchstack

Authentication Bypass Fusion Builder

5.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

3.15.0

EUVD ID Assigned

Mar 13, 2026 - 16:57 euvd

EUVD-2026-12003

Analysis Generated

Mar 13, 2026 - 16:57 vuln.today

CVE Published

Mar 13, 2026 - 11:42 nvd

MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.

AnalysisAI

This vulnerability is a missing authorization flaw in ThemeFusion Fusion Builder that allows unauthenticated attackers to exploit incorrectly configured access controls to modify content or settings. The issue affects Fusion Builder versions prior to 3.15.0, and the network-accessible nature combined with no authentication requirement means any remote attacker can exploit it without special privileges. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS score of 5.3 reflects moderate severity with an attack vector of network, low complexity, no privileges required, and no user interaction—all favorable conditions for an attacker. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated attacker discovers a WordPress site running Fusion Builder version 3.14.x and identifies an exposed administrative function within the plugin that modifies page content or theme settings. The attacker crafts an HTTP request (likely a POST or GET to a specific plugin endpoint) that bypasses the authorization check, allowing them to inject malicious content, alter site configuration, or deface pages without needing to log in or have any WordPress account. …
Remediation	Immediately upgrade Fusion Builder to version 3.15.0 or later, which includes the authorization checks to enforce proper access control. … Detailed patch versions, workarounds, and compensating controls in full report.