Primary

Context

Builderall Builder for WordPress Code Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A code injection vulnerability has been identified in the Builderall Builder for WordPress plugin, specifically in versions through 3.0.1. This vulnerability allows remote code execution, enabling attackers to execute arbitrary commands on the affected website, potentially leading to full control over the site.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected website, which could be used to gain unauthorized access and control over the site.

Remediation

Users are advised to update to the latest version of the Builderall Builder for WordPress plugin. For those using Patchstack, a mitigation rule has been issued to block attacks until an official patch is available.

Added: Mar 5, 2026, 7:42 AM

Updated: Mar 5, 2026, 7:42 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Builderall Builder for WordPress Code Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating