Calum Elrick

**Name of the Vulnerable Software and Affected Versions** Fusion Builder WordPress plugin versions prior to 3.6.2 **Description** The issue concerns a lack of validation for a parameter in the plugin's forms, allowing for arbitrary HTTP requests. The returned data is reflected back in the application's response, potentially enabling interaction with hosts on the server's local network and bypassing firewalls and access control measures. **Recommendations** For Fusion Builder WordPress plugin versions prior to 3.6.2, update to version 3.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's forms to minimize the risk of exploitation.