Plugin icon

Fusion Builder

fusion-builder

Vulnerabilities:

12

Last Updated:

April 3, 2026

Active Installs:

n/a

Published
Title
Fixed in
CVSS
Published
2026-03-20
Title
Avada (Fusion) Builder < 3.15.0 - Reflected Cross-Site Scripting
Fixed in
Fixed in 3.15.0
CVSS
6.1 (medium)
Published
2026-03-10
Title
Avada (Fusion) Builder < 3.15.0 - Missing Authorization
Fixed in
Fixed in 3.15.0
CVSS
4.3 (medium)
Published
2026-03-10
Title
Avada (Fusion) Builder < 3.15.0 - Missing Authorization
Fixed in
Fixed in 3.15.0
CVSS
5.3 (medium)
Published
2025-10-03
Title
Fusion Builder < 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 3.13.3
CVSS
6.4 (medium)
Published
2025-07-15
Title
Avada (Fusion) Builder < 3.12.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Fixed in
Fixed in 3.12.2
CVSS
6.4 (medium)
Published
2025-03-31
Title
Avada Builder < 3.11.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 3.11.15
CVSS
6.4 (medium)
Published
2025-02-12
Title
Avada Builder < 3.11.14 - Unauthenticated Arbitrary Shortcode Execution
Fixed in
Fixed in 3.11.14
CVSS
7.3 (high)
Published
2025-01-22
Title
Avada Builder < 3.11.12 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets
Fixed in
Fixed in 3.11.12
CVSS
6.4 (medium)
Published
2024-12-24
Title
Avada Builder < 3.11.13 - Authenticated (Contributor+) Protected Post Disclosure
Fixed in
Fixed in 3.11.13
CVSS
4.3 (medium)
Published
2024-09-12
Title
Avada | Website Builder For WordPress & eCommerce < 3.11.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode
Fixed in
Fixed in 3.11.10
CVSS
6.4 (medium)
Published
2023-08-10
Title
Fusion Builder < 3.11.2 - Cross Site Scripting (XSS) vulnerability in the User Register element
Fixed in
Fixed in 3.11.2
CVSS
7.5 (high)
Published
2022-04-19
Title
Fusion Builder < 3.6.2 - Unauthenticated SSRF
Fixed in
Fixed in 3.6.2
CVSS
8.6 (high)