CVE Catalog

CVE-2026-12256

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile — higher than 38% of all known CVEs

Summary

Avada versions up to 3.15.3 are vulnerable to PHP Object Injection, potentially allowing unauthorized access to the system.

Risk Assessment

An attacker could exploit this vulnerability to gain control over the application, posing a serious threat to data security.

Recommendation

It is recommended to update to the latest version of Avada to mitigate this vulnerability.

Original NVD description (English source)

Contributor PHP Object Injection in Avada <= 3.15.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS