Avada Fusion Builder
Arbitrary WordPress action execution in Avada (Fusion) Builder plugin versions up to 3.15.1 allows authenticated attackers with Subscriber-level access to invoke unvalidated WordPress action hooks via the Dynamic Data feature, potentially enabling privilege escalation, file inclusion, denial of service, or remote code execution depending on which hooks are registered in the WordPress installation. The vulnerability stems from the `output_action_hook()` function accepting a user-controlled hook name without authorization checks. No public exploit code or active exploitation has been confirmed at the time of analysis.
Avada (Fusion) Builder plugin for WordPress up to version 3.15.1 allows authenticated Subscriber-level users and above to access protected post metadata through the Dynamic Data feature's `post_custom_field` parameter due to insufficient validation of underscore-prefixed metadata keys. The `fusion_get_post_custom_field()` function fails to enforce metadata access controls, enabling disclosure of sensitive metadata that should be restricted. No public exploit code or active exploitation has been confirmed at the time of analysis.
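Both issues above share the same root cause: a Dynamic Data parameter that names a WordPress resource (an action hook, a meta key) is passed straight to the core API without an allowlist or a capability check. The following PHP is an added illustration of that weak pattern beside a hardened form; it is not Avada/Fusion Builder code, and the function names (`render_dynamic_action_weak()`, `render_dynamic_action()`, `render_dynamic_custom_field_weak()`, `render_dynamic_custom_field()`) and the allowlist contents are hypothetical. It assumes only the standard WordPress functions it calls (`do_action()`, `sanitize_key()`, `current_user_can()`, `is_protected_meta()`, `get_post_meta()`, `esc_html()`).

```php
<?php
// Added illustration, not Avada/Fusion Builder code. All function names
// below and the allowlist contents are hypothetical; the WordPress calls
// (do_action, sanitize_key, current_user_can, is_protected_meta,
// get_post_meta, esc_html) are the real core APIs.

// Weak pattern: the request names the hook and it is fired as-is. Any
// action a theme or plugin registered can be triggered by a Subscriber.
function render_dynamic_action_weak( array $args ) {
    $hook = isset( $args['hook'] ) ? (string) $args['hook'] : '';
    ob_start();
    do_action( $hook ); // user-controlled hook name, no allowlist, no cap check
    return ob_get_clean();
}

// Hardened pattern: fire only hooks on a fixed allowlist, and only for a
// user who may edit the post being rendered.
function render_dynamic_action( array $args, int $post_id ) {
    $allowed = array( 'my_theme_header', 'my_theme_footer' ); // hypothetical allowlist
    $hook    = isset( $args['hook'] ) ? sanitize_key( $args['hook'] ) : '';
    if ( ! in_array( $hook, $allowed, true ) ) {
        return '';
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return '';
    }
    ob_start();
    do_action( $hook );
    return ob_get_clean();
}

// Weak pattern: any meta key, including underscore-prefixed ("protected")
// keys, is read back for whoever asks.
function render_dynamic_custom_field_weak( array $args, int $post_id ) {
    $key = isset( $args['key'] ) ? (string) $args['key'] : '';
    return (string) get_post_meta( $post_id, $key, true ); // no is_protected_meta(), no cap check
}

// Hardened pattern: refuse protected keys outright (is_protected_meta()
// returns true for keys starting with "_"), then require the meta
// capability WordPress itself uses to gate per-key access.
function render_dynamic_custom_field( array $args, int $post_id ) {
    $key = isset( $args['key'] ) ? sanitize_key( $args['key'] ) : '';
    if ( '' === $key || is_protected_meta( $key, 'post' ) ) {
        return '';
    }
    if ( ! current_user_can( 'edit_post_meta', $post_id, $key ) ) {
        return '';
    }
    return esc_html( (string) get_post_meta( $post_id, $key, true ) );
}
```

The allowlist is the important part of the hook fix: `current_user_can()` alone would still let an Editor fire any registered action, and capability checks cannot reason about what an arbitrary hook does. For the metadata fix, `is_protected_meta()` is deliberately checked before the capability, so a protected key is never resolved even for a user who could otherwise edit the post.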