PLUGIN SECURITY
Is Avada Builder safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Avada Builder WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
fusion-builder - Requires PHP: 7.4+
Known vulnerabilities
- CVE-2022-1386 — Fusion Builder [fusion-builder] < 3.6.2 (SSRF) · Critical
- CVE-2023-39311 — Fusion Builder [fusion-builder] < 3.11.2 (CSRF) · High
- CVE-2023-39310 — Fusion Builder [fusion-builder] < 3.11.2 (Missing Authorization) · Medium
- CVE-2023-39309 — Fusion Builder [fusion-builder] < 3.11.2 (SQL Injection) · High
- CVE-2023-39306 — Fusion Builder [fusion-builder] < 3.11.2 (XSS) · High
+ 21 more known vulnerabilities
- CVE-2024-5628 — Fusion Builder [fusion-builder] < 3.11.10 (XSS) · Medium
- CVE-2024-12335 — Fusion Builder [fusion-builder] < 3.11.13 (CWE-639) · Medium
- CVE-2024-12477 — Fusion Builder [fusion-builder] < 3.11.12 (XSS) · Medium
- CVE-2024-13345 — Fusion Builder [fusion-builder] < 3.11.14 (Code Injection) · High
- CVE-2025-1665 — Fusion Builder [fusion-builder] < 3.11.15 (XSS) · Medium
- CVE-2025-6747 — Fusion Builder [fusion-builder] < 3.12.2 (XSS) · Medium
- CVE-2025-49940 — Fusion Builder [fusion-builder] < 3.13.3 (XSS) · Medium
- CVE-2026-25472 — Fusion Builder [fusion-builder] < 3.14.2 (XSS) · Medium
- CVE-2026-32452 — Fusion Builder [fusion-builder] < 3.15.0 (Missing Authorization) · Medium
- CVE-2026-32451 — Fusion Builder [fusion-builder] < 3.15.0 (Missing Authorization) · Medium
- CVE-2026-32542 — Fusion Builder [fusion-builder] < 3.15.0 (XSS) · High
- CVE-2026-1541 — Fusion Builder [fusion-builder] < 3.15.2 · Medium
- CVE-2026-1509 — Fusion Builder [fusion-builder] < 3.15.2 · Medium
- CVE-2026-4782 — Fusion Builder [fusion-builder] < 3.15.3 (CWE-36) · Medium
- CVE-2026-4798 — Fusion Builder [fusion-builder] < 3.15.2 (SQL Injection) · High
- CVE-2026-6279 — Fusion Builder [fusion-builder] < 3.15.3 (CWE-74) · Critical
- CVE-2026-1543 — Fusion Builder [fusion-builder] < 3.15.3 (XSS) · Medium
- CVE-2026-54194 — Fusion Builder [fusion-builder] < 3.15.5 (Insecure Deserialization) · Critical
- CVE-2026-54193 — Fusion Builder [fusion-builder] < 3.15.5 (Path Traversal) · High
- CVE-2026-8713 — Fusion Builder [fusion-builder] < 3.15.4 (Path Traversal) · Critical
- CVE-2026-56008 — Fusion Builder [fusion-builder] < 3.15.5 (CWE-266) · High
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Contact Form 7 — 10000000+ active installs — max PHP 8.4
- Akismet Anti-spam: Spam Protection — 6000000+ active installs — max PHP 8.4
- WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More — 5000000+ active installs
- Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder — 700000+ active installs — max PHP <8.0
- Ninja Forms – The Contact Form Builder That Grows With You — 600000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.