A vulnerability was found in Dream-Theme The7 Plugin up to 14.3.2 on WordPress. It has been declared as problematic . This affects the function dt_default_button of the component Shortcode Handler . The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-6646 . The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.