CVE-2026-6279 | themefusion Avada Builder Plugin up to 3.15.2 on WordPress AJAX Endpoint get_value injection

Inserito da Angelo Barbosa | Mag 21, 2026 | CVE

A vulnerability, which was classified as critical, was found in themefusion Avada Builder Plugin up to 3.15.2 on WordPress. This affects the function Fusion_Builder_Conditional_Render_Helper::get_value of the component AJAX Endpoint. Such manipulation leads to injection.

This vulnerability is uniquely identified as CVE-2026-6279. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.

CVE-2026-6279 | themefusion Avada Builder Plugin up to 3.15.2 on WordPress AJAX Endpoint get_value injection

Post correlati

CVE-2024-10752 | Codezips Pet Shop Management System 1.0 /productsadd.php id sql injection

CVE-2024-1496 | Featured Image from URL Plugin up to 4.6.2 on WordPress fifu_input_url cross site scripting

CVE-2024-9265 | CodeRevolution Echo RSS Feed Post Generator Plugin up to 5.4.6 on WordPress echo_check_post_header_sent privileges management

CVE-2026-5561 | Campcodes Complete POS Management and Inventory System up to 4.0.6 Environment Variable SettingsController.php injection