Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. [...]
Avada Builder WordPress plugin flaws allow site credential theft
Summary + source link. No paywalls, no tracking.