CVE-2026-6646 | Dream-Theme The7 Plugin up to 14.3.2 on WordPress Shortcode dt_default_button cross site scripting

Inserito da Angelo Barbosa | Mag 15, 2026 | CVE

A vulnerability was found in Dream-Theme The7 Plugin up to 14.3.2 on WordPress. It has been declared as problematic. This affects the function dt_default_button of the component Shortcode Handler. The manipulation results in cross site scripting.

This vulnerability is identified as CVE-2026-6646. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.

CVE-2026-6646 | Dream-Theme The7 Plugin up to 14.3.2 on WordPress Shortcode dt_default_button cross site scripting

Post correlati

CVE-2024-3988 | shaonsina Sina Extension for Elementor Plugin up to 3.5.2 on WordPress Fancy Text Widget cross site scripting

CVE-2024-27874 | Apple iOS/iPadOS up to 17.7 State Management denial of service

CVE-2024-7942 | SourceCodester Leads Manager Tool 1.0 update-leads.php phone_number cross site scripting

CVE-2023-29051 | Open-Xchange OX App Suite up to 7.10.6-rev51/8.17 OXMF Template access control (oxas-adv-2023-0006)