CVE 9.8 CRITICAL

WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability_CVE-2026-54194

June 16, 2026 invoker category_cve
9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.

Basic Information

ID CVE-2026-54194
Source Patchstack
Published Jun 16, 2026 at 20:56

Affected Product

Vendor ThemeFusion
Product Fusion Builder
Version n/a
Affected Versions ThemeFusion Fusion Builder n/a

CWE Classification

CWE-502

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.