Fusion Builder
A missing authorization flaw in ThemeFusion Fusion Builder allows unauthenticated attackers to exploit incorrectly configured access controls and modify content or settings. Fusion Builder versions prior to 3.15.0 are affected. Because the flaw is reachable over the network and requires no authentication, any remote attacker can exploit it without special privileges. The CVSS score of 5.3 indicates moderate severity, with integrity impact but no confidentiality or availability loss; the lack of an authentication requirement elevates real-world risk for WordPress sites running affected versions.
Fusion Builder, a WordPress plugin by ThemeFusion, contains a missing authorization vulnerability (CWE-862) that allows authenticated attackers with low privileges to bypass access controls and perform unauthorized actions. Versions prior to 3.15.0 are affected, and attackers can exploit incorrectly configured access control to read, modify, or delete sensitive data. The CVSS score of 6.3 reflects moderate severity with network accessibility and low attack complexity. No KEV inclusion or widespread exploitation has been publicly documented at this time.