1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws

📅 18 May 2026 at 08:30 UTC📰 Cyber Security NewsView original source ↗

A widely used WordPress plugin powering over one million websites has been hit by two serious vulnerabilities that could allow attackers to steal sensitive data and access server files. Security researchers warn that the flaws in the Avada Builder plugin could be actively exploited if sites remain unpatched. The issues, discovered by researcher Rafie Muhammad through […] The post 1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws appeared first on Cyber Security News.

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed