SECURITYBLEEPING COMPUTER
Avada Builder WordPress plugin flaws allow site credential theft
The Avada Builder plugin for WordPress has two vulnerabilities that allow hackers to read arbitrary files and extract sensitive information from the database, affecting an estimated one million active installations. This poses a significant risk to site credential theft. The vulnerabilities enable unauthorized access to sensitive data.