Security Advisory: Update Avada Builder and UpdraftPlus WordPress Plugins Immediately

Minor · Started Jun 26, 2026 · 1:23 AM

Duration

Ongoing
Severity

Minor
Detection lead

—
User reports

—

Summary

Security Advisory: Update Avada Builder and UpdraftPlus WordPress Plugins Immediately

We are advising all customers using WordPress to verify that the following plugins are updated to the latest available versions. Recently disclosed vulnerabilities affect older versions of these plugins: CVE-2026-6279 – Avada Builder (Fusion Builder) – Unauthenticated Remote Code Execution Affected versions: 3.15.2 and earlier CVE-2026-10795 – UpdraftPlus Backup Plugin – Authentication Bypass Affected versions: 1.26.4 and earlier These vulnerabilities may allow unauthenticated attackers to gain control of vulnerable WordPress sites and compromise WordPress user accounts if the plugins have not been updated to the latest available versions. If your website uses either of these plugins, we strongly recommend that you: Update the affected plugin(s) to the latest available version immediately. Review your WordPress installation for any unexpected administrator accounts, plugins, or modified files. Contact our Support team if you believe your website has been affected or if you need assistance reviewing your installation.

Started

Jun 26, 2026 · 1:23 AM
Status

Investigating
Duration

Ongoing
Severity

None

Event timeline

How this incident unfolded

◐

Investigating
Jun 26 · 1:23 AM Liquid Web

We are advising all customers using WordPress to verify that the following plugins are updated to the latest available versions. Recently disclosed vulnerabilities affect older versions of these plugins: CVE-2026-6279 – Avada Builder (Fusion Builder) – Unauthenticated Remote Code Execution Affected versions: 3.15.2 and earlier CVE-2026-10795 – UpdraftPlus Backup Plugin – Authentication Bypass Affected versions: 1.26.4 and earlier These vulnerabilities may allow unauthenticated attackers to gain control of vulnerable WordPress sites and compromise WordPress user accounts if the plugins have not been updated to the latest available versions. If your website uses either of these plugins, we strongly recommend that you: Update the affected plugin(s) to the latest available version immediately. Review your WordPress installation for any unexpected administrator accounts, plugins, or modified files. Contact our Support team if you believe your website has been affected or if you need assistance reviewing your installation.

Pattern

Other recent incidents

Browse full incident history →

Get alerted before the next Liquid Web outage.

Pulsetic catches degradations minutes before vendors acknowledge them.

Start monitoring free

SOLUTIONS

For SaaS

For Agencies

For E-commerce

For Developers

For DevOps

For Startups

For Hosting Providers
MONITORING

SSL Monitoring

Ping Monitoring

Port Monitoring

TCP Monitoring

Keyword Monitoring

Cron Monitoring

Domain Monitoring

SLA Monitoring

API Monitoring
STATUS

ChatGPT

Claude

Cloudflare

GitHub

Shopify

Slack

Stripe

Supabase
SERVICE

Pricing

Status Pages

Status Badges

API

MCP Server

Is Website Down?

Website Errors

Free Tools

SLA Calculator

Cron Generator

DNS Lookup

DNS Checker

Bulk URL Checker

SPF Checker

DMARC Checker
COMPARE

Statuspage Atlassian

Better Stack

Uptimerobot

StatusCake

Freshping

Pingdom

Site24x7

Uptime.com

incident.io

Uptime Kuma
ACCOUNT

Login

Dashboard

Help

Support

Lost Password

Privacy

Terms

DPA

Cookies Policy

Affiliate Program

Stay online, all the time, with Pulsetic's uptime prime.

By Designmodo

Designmodo Inc. 169 Madison Ave, #79627, New York, NY 10016, United States