Find notable cyber news and cases, enriched with sources, timelines, and signals.

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

Avada Builder shipped version 3.15.3 as the full fix for CVE-2026-4782 and CVE-2026-4798, closing the plugin flaws that could expose files and database data. A prior 3.15.2 release only partially fixed the issue, so the final patch matters for sites still running vulnerable builds. Site owners are urged to move to 3.15.3 to reduce the risk of credential theft and server-side data exposure.

Related Happenings

Gitea Docker images security update (CVE-2026-20896)

Security Patch Release
H score51 First: 06.07.2026 19:28 Last: 06.07.2026 19:28 Sources 1

About this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...

Dify security patch release for CVE-2026-41947

Security Patch Release
H score34 First: 22.06.2026 19:13 Last: 22.06.2026 19:13 Sources 1

About this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...

Squid web proxy patch for CVE-2026-47729

Security Patch Release
H score20 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...

F5 security patch release for CVE-2026-42530

Security Patch Release
H score39 First: 18.06.2026 20:32 Last: 18.06.2026 20:32 Sources 1

About this happening: **F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...

Everest Forms Pro plugin patch for CVE-2026-3300

Security Patch Release
H score43 First: 06.06.2026 17:09 Last: 06.06.2026 17:09 Sources 1

About this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...

Timeline

  1. 15.05.2026 18:56 1 articles · 1mo ago

    Avada Builder flaws submitted to Wordfence

    Initial Disclosure

    Security researcher Rafie Muhammad submitted CVE-2026-4782 and CVE-2026-4798 through the Wordfence Bug Bounty Program after finding arbitrary file read and SQL injection flaws in the Avada Builder WordPress plugin.

    Show sources
  2. 15.05.2026 18:56 1 articles · 1mo ago

    Avada Builder publisher receives vulnerability report

    Initial Disclosure

    Rafie Muhammad reported CVE-2026-4782 and CVE-2026-4798 to the Avada Builder publisher after submitting them through the Wordfence Bug Bounty Program.

    Show sources
  3. 15.05.2026 18:56 1 articles · 1mo ago

    Avada Builder 3.15.2 partial fix released

    Mitigation Patch Update

    Avada Builder released version 3.15.2 as a partial fix for CVE-2026-4782 and CVE-2026-4798, but the plugin remained affected through 3.15.2 for the subscriber-level arbitrary file read and through 3.15.1 for the unauthenticated SQL injection.

    Show sources
  4. 15.05.2026 18:56 2 articles · 1mo ago

    Avada Builder 3.15.3 fully patched release

    Mitigation Patch Update

    Avada Builder released version 3.15.3 as the fully patched update for CVE-2026-4782 and CVE-2026-4798, closing the flaws that could expose wp-config.php and database contents on affected WordPress sites.

    Show sources