CVE-2026-42157: Avada Builder WordPress Plugin

CVSSawaiting NVD

ExploitationNo exploitation reported

Triage statusUnder Review

ActionSchedule for next cycle

Affected product

Avada Builder WordPress Plugin

Remediation Steps

Update Avada Builder plugin to patched version immediately on all 1M+ affected installations
Audit database for unauthorized data extraction via arbitrary file read vulnerability
Restrict file read permissions in WordPress configuration to essential directories only
Review user database for suspicious account creation or privilege changes
Implement WordPress security hardening including input sanitization on all custom fields

References

https://www.wordpress.org/plugins/avada/
https://www.avada.io/security-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-42157

Coverage on defend.network

Vulnerability Priority Report – Week 3 of May 2026 (May 18 – 24)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Affected product

Remediation Steps

References

Coverage on defend.network

Get Critical CVE Alerts