CVE-2026-56008
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
The Fusion Builder plugin for WordPress versions 3.15.4 and earlier contains a privilege escalation vulnerability exploitable by contributors. An attacker with contributor role can gain unauthorized access to administrative functions.
Risk Assessment
The organization risks unauthorized control over website content and settings by low-privileged users, potentially leading to page defacement, malicious code injection, or full site takeover.
Recommendation
Immediately update Fusion Builder to version 3.15.5 or later. Audit user accounts with contributor role and restrict their permissions to the minimum necessary.
Original NVD description (English source)
Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.

