Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
Summary
Hide ▲
Show ▼
Avada Builder shipped version 3.15.3 as the full fix for CVE-2026-4782 and CVE-2026-4798, closing the plugin flaws that could expose files and database data. A prior 3.15.2 release only partially fixed the issue, so the final patch matters for sites still running vulnerable builds. Site owners are urged to move to 3.15.3 to reduce the risk of credential theft and server-side data exposure.
Related Happenings
Gitea Docker images security update (CVE-2026-20896)
Security Patch Release
H score51
First: 06.07.2026 19:28
Last: 06.07.2026 19:28
Sources 1
About this happening:
Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...
Gitea Docker images security update (CVE-2026-20896)
Security Patch ReleaseAbout this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...
Dify security patch release for CVE-2026-41947
Security Patch Release
H score34
First: 22.06.2026 19:13
Last: 22.06.2026 19:13
Sources 1
About this happening:
**Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Dify security patch release for CVE-2026-41947
Security Patch ReleaseAbout this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Squid web proxy patch for CVE-2026-47729
Security Patch Release
H score20
First: 22.06.2026 17:29
Last: 22.06.2026 17:29
Sources 1
About this happening:
**Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
Squid web proxy patch for CVE-2026-47729
Security Patch ReleaseAbout this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
F5 security patch release for CVE-2026-42530
Security Patch Release
H score39
First: 18.06.2026 20:32
Last: 18.06.2026 20:32
Sources 1
About this happening:
**F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
F5 security patch release for CVE-2026-42530
Security Patch ReleaseAbout this happening: **F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch Release
H score43
First: 06.06.2026 17:09
Last: 06.06.2026 17:09
Sources 1
About this happening:
The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch ReleaseAbout this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
Timeline
-
15.05.2026 18:56 1 articles · 1mo ago
Avada Builder flaws submitted to Wordfence
Initial DisclosureSecurity researcher Rafie Muhammad submitted CVE-2026-4782 and CVE-2026-4798 through the Wordfence Bug Bounty Program after finding arbitrary file read and SQL injection flaws in the Avada Builder WordPress plugin.
Show sources
- Avada Builder WordPress plugin flaws allow site credential theft — www.bleepingcomputer.com — 15.05.2026 18:56
-
15.05.2026 18:56 1 articles · 1mo ago
Avada Builder publisher receives vulnerability report
Initial DisclosureRafie Muhammad reported CVE-2026-4782 and CVE-2026-4798 to the Avada Builder publisher after submitting them through the Wordfence Bug Bounty Program.
Show sources
- Avada Builder WordPress plugin flaws allow site credential theft — www.bleepingcomputer.com — 15.05.2026 18:56
-
15.05.2026 18:56 1 articles · 1mo ago
Avada Builder 3.15.2 partial fix released
Mitigation Patch UpdateAvada Builder released version 3.15.2 as a partial fix for CVE-2026-4782 and CVE-2026-4798, but the plugin remained affected through 3.15.2 for the subscriber-level arbitrary file read and through 3.15.1 for the unauthenticated SQL injection.
Show sources
- Avada Builder WordPress plugin flaws allow site credential theft — www.bleepingcomputer.com — 15.05.2026 18:56
-
15.05.2026 18:56 2 articles · 1mo ago
Avada Builder 3.15.3 fully patched release
Mitigation Patch UpdateAvada Builder released version 3.15.3 as the fully patched update for CVE-2026-4782 and CVE-2026-4798, closing the flaws that could expose wp-config.php and database contents on affected WordPress sites.
Show sources
- Avada Builder WordPress plugin flaws allow site credential theft — www.bleepingcomputer.com — 15.05.2026 18:56
- Avada Builder WordPress plugin flaws allow site credential theft — www.bleepingcomputer.com — 15.05.2026 18:56