Two vulnerabilities in the Avada Builder plugin have exposed around one million WordPress websites to attacks that could reveal sensitive files or extract database information, prompting urgent calls ...