Tag
The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection (CVE-2026-4798) via the ‘product_order’ parameter in versions up to 3.15.1, potentially allowing unauthenticated attackers to extract sensitive database information if WooCommerce was previously used and deactivated.