EUVD-2025-7381

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

HT Mega Elementor plugin is vulnerable to Cross-Site Scripting via Countdown widget until version 2.8.2

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-1261	8 Mar 202502:35	–	circl
CNNVD	WordPress plugin HT Mega 跨站脚本漏洞	8 Mar 202500:00	–	cnnvd
CVE	CVE-2025-1261	8 Mar 202501:44	–	cve
Cvelist	CVE-2025-1261 HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget	8 Mar 202501:44	–	cvelist
NVD	CVE-2025-1261	8 Mar 202502:15	–	nvd
OSV	CVE-2025-1261	8 Mar 202502:15	–	osv
Patchstack	WordPress HT Mega plugin <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget vulnerability	8 Mar 202501:27	–	patchstack
RedhatCVE	CVE-2025-1261	7 Jan 202609:18	–	redhatcve
Vulnrichment	CVE-2025-1261 HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget	8 Mar 202501:44	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)	13 Mar 202514:48	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "8b7652de-e2c7-36de-aa25-7b2498224a9d",
        "vendor": {
          "name": "devitemsllc"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "8b3b61bb-f5d2-3bbc-b5b2-3664c1642261",
        "product": {
          "name": "HT Mega – Absolute Addons For Elementor"
        },
        "product_version": "* ≤2.8.2"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/e553135d-88e0-4840-99ad-9514c2243b7d
plugins	www.plugins.trac.wordpress.org/changeset/3249106/ht-mega-for-elementor/tags/2.8.3/assets/js/htmega-widgets-active.js
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-1261

03 Oct 2025 20:07Current

9High risk

Vulners AI Score9

CVSS 3.15.4 - 6.4

EPSS0.00176

SSVC