What is CVE-2022-1386?

CVE-2022-1386 is a vulnerability in Fusion Builder, classified under Server-Side Request Forgery (SSRF). Published 2022-05-16.

Is CVE-2022-1386 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SSRF in Fusion Builder

CVE-2022-1386

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's re…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.

Affected products

Unknown Fusion Builder — versions 3.6.2

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

Public proof-of-concept exploits

References

wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b (x_refsource_MISC)
www.rootshellsecurity.net/rootshell-discovered-a-critical-vulnerability-in-top-… (x_refsource_MISC)
theme-fusion.com/version-7-6-2-security-update/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1386?: CVE-2022-1386 is a vulnerability in Fusion Builder, classified under Server-Side Request Forgery (SSRF). Published 2022-05-16.
Is CVE-2022-1386 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.