Over a million WordPress sites hit in plugin flaw — so patch now or face the consequences

  • Wordfence disclosed two flaws in Avada Builder, a WordPress plugin with around 1 million active installs
  • CVE-2026-4782 (Arbitrary File Read, medium severity) requires subscriber-level access; CVE-2026-4798 (SQL injection, high severity) is exploitable without authentication
  • Patches released in April and May 2026; users advised to update to v3.15.3+; researcher Rafie Muhammad earned ~$4,500 bounty

A popular WordPress plugin with roughly a million active installations contained two vulnerabilities that could have allowed malicious actors to exfiltrate sensitive data, such as password hashes and other valuable information.

Security researchers at Wordfence said they were tipped off by researcher Rafie Muhammad about the existence of an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder.

Avada Builder is a drag-and-drop page builder for WordPress that comes as part of the Avada ecosystem by ThemeFusion, with more than 1,050,000 active installations right now. With it, users can build websites without needing to learn or...

Copyright of this story solely belongs to techradar.com.
