CVE-2026-32454

Name of the Vulnerable Software and Affected Versions ThemeFusion Avada Core versions prior to 5.15.0

Description An issue exists in ThemeFusion Avada Core fusion-core that allows for DOM-Based Cross-site Scripting (XSS). This occurs due to improper neutralization of input during web page generation. The issue affects the way user-supplied data is handled, potentially allowing an attacker to inject malicious scripts into web pages viewed by other users.

Recommendations Versions prior to 5.15.0 should be updated to version 5.15.0 or later.