Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

Two vulnerabilities in the Avada Builder plugin (approximately one million active installations) allow credential theft and database extraction: CVE-2026-4782 enables any authenticated subscriber to read wp-config.php and obtain database credentials and encryption keys via path traversal; CVE-2026-4798 allows unauthenticated SQL injection to extract password hashes on sites where WooCommerce was ever installed. Both are patched in version 3.15.3, released May 12, 2026.

Author

Tech Jacks Solutions