Avada Builder WordPress plugin flaws allow site credential theft
Source: Bleepingcomputer
Published:
<p>Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database.</p> <p>The other security issue received the identifier CVE-2026-4798 and is an SQL injecti