Avada Builder WordPress Plugin Vulnerabilities Allow Credential Theft

Two vulnerabilities in the Avada Builder WordPress plugin, which has approximately one million active installations, enable attackers to read arbitrary files and extract sensitive database information. The flaws specifically allow unauthorized access to site credentials and other confidential data stored within affected WordPress sites. No specific CVE IDs, dates, or technical exploitation details were disclosed in the report. The vulnerabilities impact all versions of the plugin prior to a yet-unspecified patch. The primary risk involves credential theft and potential site compromise due to unauthorized data access.