A vulnerability classified as problematic has been found in themefusion Avada Builder Plugin up to 3.15.2 on WordPress. This vulnerability affects the function fusion_get_svg_from_file of the component Shortcode Handler . The manipulation of the argument custom_svg leads to absolute path traversal. This vulnerability is traded as CVE-2026-4782 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.