CVE-2026-4782 | themefusion Avada Builder Plugin up to 3.15.2 on WordPress Shortcode fusion_get_svg_from_file custom_svg absolute path traversal

Inserito da Angelo Barbosa | Mag 13, 2026 | CVE

A vulnerability classified as problematic has been found in themefusion Avada Builder Plugin up to 3.15.2 on WordPress. This vulnerability affects the function fusion_get_svg_from_file of the component Shortcode Handler. The manipulation of the argument custom_svg leads to absolute path traversal.

This vulnerability is traded as CVE-2026-4782. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2026-4782 | themefusion Avada Builder Plugin up to 3.15.2 on WordPress Shortcode fusion_get_svg_from_file custom_svg absolute path traversal

Post correlati

CVE-2024-49634 | Rimon Habib BP Member Type Manager Plugin up to 1.01 on WordPress cross site scripting

CVE-2023-46174 | IBM InfoSphere Information Server 11.7 Web UI cross site scripting (XFDB-269506)

CVE-2024-35236 | advplyr audiobookshelf up to 2.9.0 File cross site scripting (GHSA-7j99-76cj-q9pg)

CVE-2024-1580 | VideoLAN dav1d up to 1.3.x AV1 Decoder integer overflow