> TritonInfoSec News
Home / May 17, 2026 / Story
0
#8 BleepingComputer general May 15, 2026 at 15:56 UTC

Avada Builder WordPress plugin flaws allow site credential theft

By Bill Toulas

AI Summary

Two vulnerabilities in the Avada Builder WordPress plugin — installed on an estimated one million active sites — allow attackers to read arbitrary files and extract sensitive database credentials. The flaws represent a significant supply chain risk given the plugin's massive install base, enabling credential theft at scale. WordPress administrators should update Avada Builder to the latest patched version without delay.

Read full article → https://www.bleepingcomputer.com/news/security/ava…

Relevance score: 75.0/100

# More from May 17

  1. 1
    Microsoft warns of Exchange zero-day flaw exploited in attacks BleepingComputer
  2. 2
    Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 SecurityWeek
  3. 3
    Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access The Hacker News
  4. 4
    Popular node-ipc npm package compromised to steal credentials BleepingComputer
  5. 5
    OpenAI Hit by TanStack Supply Chain Attack SecurityWeek
  6. 6
    Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own BleepingComputer
  7. 7
    Funnel Builder WordPress plugin bug exploited to steal credit cards BleepingComputer
  8. 9
    PoC Code Published for Critical NGINX Vulnerability SecurityWeek
  9. 10
    Microsoft backpedals: Edge to stop loading passwords into memory BleepingComputer