Product
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to unauthenticated remote code execution (RCE) due to PHP function injection, allowing attackers to execute arbitrary code on affected sites.