CVE-2026-6646 | Dream-Theme The7 Plugin up to 14.3.2 on WordPress Shortcode dt_default_button cross site scripting

A vulnerability was found in Dream-Theme The7 Plugin up to 14.3.2 on WordPress. It has been declared as problematic. This affects the function dt_default_button of the component Shortcode Handler. The manipulation results in cross site scripting.

This vulnerability is identified as CVE-2026-6646. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More