CVE-2026-4798 | themefusion Avada Builder Plugin up to 3.15.1 on WordPress product_order sql injection

Inserito da Angelo Barbosa | Mag 13, 2026 | CVE

A vulnerability described as critical has been identified in themefusion Avada Builder Plugin up to 3.15.1 on WordPress. This affects the function product_order. Executing a manipulation can lead to sql injection.

This vulnerability appears as CVE-2026-4798. The attack may be performed from remote. There is no available exploit.

CVE-2026-4798 | themefusion Avada Builder Plugin up to 3.15.1 on WordPress product_order sql injection

Post correlati

CVE-2024-13479 | enituretechnology LTL Freight Quotes Plugin up to 3.2.4 on WordPress dropship_edit_id/edit_id sql injection

CVE-2022-50915 | Primera PTPublisher 2.3.4 PTProtect Service UsbFlashDongleService.exe unquoted search path (Exploit 50885 / EDB-50885)

CVE-2024-51806 | Shingo Suzumura Awesome Fitness Testimonials Plugin up to 1.0.1 on WordPress cross site scripting

CVE-2025-25304 | Vega up to 5.25.x vlSelectionTuples cross site scripting (GHSA-mp7w-mhcv-673j)