A critical security vulnerability in the widely used Avada (Fusion) Builder WordPress plugin has exposed over 1 million websites to arbitrary file-deletion attacks, potentially leading to full-site compromise and remote code execution. The flaw, tracked as CVE-2026-8713 with a CVSS score of 9.1, was discovered by security researcher “daroo” and reported through the Wordfence Bug […]
The post Critical WordPress Plugin Vulnerability Exposes 1 Million Sites to File Deletion Attacks appeared first on Cyber Security News.