PT-2025-31507 · WordPress +1 · Absolute Addons For Elementor +1

🗓️ 31 Jul 2025 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

HT Mega plugin for WordPress exposes sensitive data to authenticated attackers in versions up to 2.9.1

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2025-8401	31 Jul 202514:02	–	circl
CNNVD	WordPress plugin HT Mega – Absolute Addons For Elementor 授权问题漏洞	31 Jul 202500:00	–	cnnvd
CNVD	WordPress HT Mega - Absolute Addons For Elementor plugin Information Disclosure Vulnerability	10 Aug 202500:00	–	cnvd
CVE	CVE-2025-8401	31 Jul 202511:19	–	cve
Cvelist	CVE-2025-8401 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure	31 Jul 202511:19	–	cvelist
EUVD	EUVD-2025-23263	3 Oct 202520:07	–	euvd
NVD	CVE-2025-8401	31 Jul 202512:15	–	nvd
OSV	CVE-2025-8401	31 Jul 202512:15	–	osv
Patchstack	WordPress HT Mega plugin <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure vulnerability	31 Jul 202521:49	–	patchstack
RedhatCVE	CVE-2025-8401	2 Aug 202520:23	–	redhatcve

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3336533
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-8401
t	www.t.me/cveNotify/130376
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/9540b339-3386-4ee8-8141-acb9f3d83772
t	www.t.me/CVEtracker/28856
twitter	www.twitter.com/CVEnew/status/1950887270203986328
twitter	www.twitter.com/marcin_brz81183/status/1952055708549001672
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
twitter	www.twitter.com/VulmonFeeds/status/1950904392476971031
plugins	www.plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.9.1/htmega-blocks/includes/classes/Manage_Styles.php

03 Aug 2025 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.14.3

EPSS0.00159

SSVC

ht mega plugin sensitive data exposure wordpress vulnerability authenticated attackers content breach