A vulnerability was found in themefusion Avada Builder Plugin up to 3.15.2 on WordPress and classified as problematic . This issue affects some unknown processing of the component Dynamic Data Feature . Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-1543 . The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.