Security Advisory: Update Avada Builder and UpdraftPlus WordPress Plugins Immediately
Incident
Report for Liquid Web - Services
Subscribe to Updates
Investigating
We are advising all customers using WordPress to verify that the following plugins are updated to the latest available versions.
Recently disclosed vulnerabilities affect older versions of these plugins:
CVE-2026-6279 – Avada Builder (Fusion Builder) – Unauthenticated Remote Code Execution
Affected versions: 3.15.2 and earlier
CVE-2026-10795 – UpdraftPlus Backup Plugin – Authentication Bypass
Affected versions: 1.26.4 and earlier
These vulnerabilities may allow unauthenticated attackers to gain control of vulnerable WordPress sites and compromise WordPress user accounts if the plugins have not been updated to the latest available versions.
If your website uses either of these plugins, we strongly recommend that you:
Update the affected plugin(s) to the latest available version immediately.
Review your WordPress installation for any unexpected administrator accounts, plugins, or modified files.
Contact our Support team if you believe your website has been affected or if you need assistance reviewing your installation.
Recently disclosed vulnerabilities affect older versions of these plugins:
CVE-2026-6279 – Avada Builder (Fusion Builder) – Unauthenticated Remote Code Execution
Affected versions: 3.15.2 and earlier
CVE-2026-10795 – UpdraftPlus Backup Plugin – Authentication Bypass
Affected versions: 1.26.4 and earlier
These vulnerabilities may allow unauthenticated attackers to gain control of vulnerable WordPress sites and compromise WordPress user accounts if the plugins have not been updated to the latest available versions.
If your website uses either of these plugins, we strongly recommend that you:
Update the affected plugin(s) to the latest available version immediately.
Review your WordPress installation for any unexpected administrator accounts, plugins, or modified files.
Contact our Support team if you believe your website has been affected or if you need assistance reviewing your installation.
This incident affects: InterWorx.