A vulnerability, which was classified as critical , was found in themefusion Avada Builder Plugin up to 3.15.2 on WordPress. This affects the function Fusion_Builder_Conditional_Render_Helper::get_value of the component AJAX Endpoint . Such manipulation leads to injection. This vulnerability is uniquely identified as CVE-2026-6279 . The attack can be launched remotely. No exploit exists. You should upgrade the affected component.