Two severe security vulnerabilities discovered in the Avada Builder WordPress plugin have put approximately 1 million active websites at risk of credential theft, database compromise, and full-site takeover. Wordfence published the findings on May 13, 2026, after researcher Rafie Muhammad responsibly disclosed both flaws through the Wordfence Bug Bounty Program, earning a combined bounty of […]
The post SQL Injection, File Read Vulnerability Affect 1M Avada WordPress Sites appeared first on Cyber Security News.