Avada Builder - Geek Feed

Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

June 23, 2026June 23, 2026 geekfeed0Tagged Actively Exploited, Avada Builder, CVE-2026-4020, Gravity SMTP, Plugin, vulnerability, wordpress

Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. The flaw is tracked as CVE-2026-4020 and received a medium severity rating. It affects all versions of the plugin from 2.1.4 and older and has been addressed in version 2.1.5, released on March 17. WordPress security […]

2 mins read

Avada Builder WordPress plugin flaws allow site credential theft

May 18, 2026May 18, 2026 geekfeed0Tagged Arbitrary File Read, Avada Builder, CVE-2026-4782, Plugin, SQL Injection, Website, Website Takeover, wordpress

Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. One of the flaws is tracked as CVE-2026-4782 and can be exploited in all versions of the plugin through 3.15.2 by an authenticated users with at […]

2 mins read