CYBERHAWK / CVE / CVE-2026-8713

CVE-2026-8713

CRITICAL CVSS 9.1 other

The flaw

The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybe_delete_files function in all versions up to, and including, 3.15.3. This makes it possible for un

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-8713

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

In the news

Critical Flaw in WordPress Plugin Allows Arbitrary File Deletion on 1 Million Sitescyberpress.org · 2026-06-19

First seen 2026-06-19 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits