Critical Vulnerabilities in Avada Builder WordPress Plugin Expose Site Credentials
Two vulnerabilities in the widely used Avada Builder plugin for WordPress allow attackers to read arbitrary files and extract sensitive database information.
Two vulnerabilities have been identified in the Avada Builder plugin for WordPress, which is used by an estimated one million active installations. These flaws allow attackers to read arbitrary files and extract sensitive information from the site's database, posing a significant risk to site security [BleepingComputer].
The vulnerabilities could be exploited by malicious actors to gain unauthorized access to sensitive data, including site credentials and other database contents. Given the plugin's widespread use, the potential impact of these vulnerabilities is substantial.
Site administrators using the Avada Builder plugin are urged to update to the latest version immediately to patch these vulnerabilities. Regular security reviews and the use of security plugins can also help protect WordPress sites from such threats.