CVE-2026-56008
Deferred - Pending Action
Fusion Builder Privilege Escalation Vulnerability

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Contributor-level privilege escalation in Fusion Builder versions <= 3.15.4.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
wpbeaverbuilder | fusion_builder | to 3.15.4 (inc)
CWE ID | Description
CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Executive Summary

CVE-2026-56008 is a high-priority privilege escalation vulnerability found in the WordPress Fusion Builder Plugin versions 3.15.4 and below.

This flaw allows attackers who already have low-level access to the website to escalate their privileges, potentially gaining full control over the site.

It is categorized under OWASP Top 10 A7 (Identification and Authentication Failures) and has a CVSS score of 8.8, indicating a severe risk.

Impact Analysis

This vulnerability can have a severe impact by allowing attackers with limited access to escalate their privileges and gain full control of your website.

Such control can lead to unauthorized changes, data theft, site defacement, or use of the site for malicious purposes.

The vulnerability is actively exploited in mass campaigns targeting thousands of sites, increasing the risk of compromise.

Immediate action is required to update the plugin to version 3.15.5 or later, or to apply available mitigations.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WordPress Fusion Builder Plugin to version 3.15.5 or later, which contains the patch for this privilege escalation flaw.

If updating is not possible right away, you should seek assistance from your hosting provider or a developer to help secure your site.

Additionally, Patchstack offers an automated mitigation rule that can be applied to block attacks targeting this vulnerability until the plugin is updated.

Compliance Impact

The vulnerability allows attackers with low-level access to escalate their privileges and potentially gain full control of the website. This can lead to unauthorized access to sensitive data, which may result in violations of data protection regulations such as GDPR and HIPAA.

Because the flaw falls under the OWASP Top 10 category A7 (Identification and Authentication Failures), it indicates weaknesses in authentication controls that are critical for maintaining compliance with standards requiring strict access controls and data protection.

Failure to patch this vulnerability could lead to data breaches or unauthorized data manipulation, thereby impacting compliance with regulations that mandate safeguarding personal and health information.
