Avada Builder WordPress plugin flaws allow site credential theft

Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. […]

Source: BleepingComputer