A vulnerability has been found in posimyththemes Plus Addons for Elementor Plugin up to 6.4.11 and classified as problematic. Affected is the function render of the file modules/widgets/tp_button.php of the component Button Widget. The manipulation of the argument custom_attributes leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-15285. The attack is possible to be carried out remotely. No exploit exists.