Medium 5.4
2026-04-22< 3.15.2
Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution
Fusion Builder
Vulnerabilities 18Slug fusion-builder
Minimum safe version
3.15.2
Update to 3.15.2 or later to address 18 fixable vulnerabilities
Medium 4.3
2026-04-22< 3.15.2
Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference
High 7.1
2026-03-25< 3.15.0
CVE-2026-32542
Medium 6.5
2026-03-13< 3.15.0
CVE-2026-32451
Medium 5.3
2026-03-13< 3.15.0
CVE-2026-32452
Medium 6.5
2026-02-19< 3.14.2
CVE-2026-25472
Medium 6.5
2025-10-22< 3.13.3
CVE-2025-49940
Medium 6.4
2025-07-16< 3.12.2
Avada (Fusion) Builder <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Medium 6.4
2025-04-01< 3.11.15
Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
High 7.3
2025-02-13< 3.11.14
CVE-2024-13345
Medium 6.4
2025-01-22< 3.11.12
CVE-2024-12477
Medium 4.3
2024-12-25< 3.11.13
CVE-2024-12335
Medium 5.4
2024-09-13< 3.11.10
CVE-2024-5628
High 7.1
2024-03-27< 3.11.2
CVE-2023-39306
High 8.5
2024-03-28< 3.11.2
CVE-2023-39309
Medium 5.4
2024-06-19< 3.11.2
CVE-2023-39310
High 7.1
2024-03-27< 3.11.2
CVE-2023-39311
Critical 9.8
2022-05-16< 3.6.2
CVE-2022-1386