WordPress plugin HT Mega – Absolute Addons For Elementor 授权问题漏洞

WordPress HT Mega - Absolute Addons For Elementor plugin is an Elementor page builder plugin designed specifically for WordPress, offering over 100 custom widgets, 360+ preset modules, and multiple templates for blogs, sliders , collapsible menus and other page elements. A vulnerability exists in...

CVE-2023-51529

Cross-Site Request Forgery CSRF vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3...

CVE-2025-1802 HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘markertitle’, 'notificationcontent', and 'sttbuttontext' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This...

CVE-2024-12599

CVE-2024-12599 affects HT Mega – Absolute Addons For Elementor (WordPress). It is a Stored XSS via the Countdown widget in all versions up to 2.8.1, caused by insufficient input sanitization and output escaping for user-supplied attributes. Exploitation requires authenticated access at contributo...

CVE-2024-52496

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through = 1.0.14...

CVE-2024-12597

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockcss' and 'innercss' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

CVE-2024-52496

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through = 1.0.14...

CVE-2024-52496 WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through = 1.0.14...

CVE-2024-52496

CVE-2024-52496 concerns WordPress plugin Absolute Addons For Elementor (1.0.14.

CVE-2024-52496 WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through = 1.0.14...

WordPress plugin Absolute Addons For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-35337 · Elementor · Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Absolute Addons For Elementor versions 1.0.14 and earlier Description: The issue is related to improper control of filenames for include/require statements in PHP programs, also known as PHP Remote File Inclusion. This allows for Local Code...

WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Absolute Addons For Elementor versions = 1.0.14...

WordPress Absolute Addons For Elementor Plugin <= 1.0.14 is vulnerable to Local File Inclusion

Software Absolute Addons For Elementor Type Plugin Vulnerable versions = 1.0.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-52496 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 8fa5adc3e92a Credits João Pedro S Alcântara Kinort...

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id vulnerability

Authenticated Contributor+ Sensitive Information Exposure via templateid vulnerability discovered by Ankit Patel in WordPress Plugin HT Mega versions = 2.6.5...

CVE-2024-8910

CVE-2024-8910 concerns HT Mega – Absolute Addons For Elementor for WordPress. The vulnerability affects versions up to and including 2.6.5 and enables Sensitive Information Exposure via the render function in includes/widgets/htmega_accordion.php. Exploitation requires at least Contributor-level ...

CVE-2024-5215 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5215

CVE-2024-5215 affects the HT Mega – Absolute Addons For Elementor WordPress plugin. The vulnerability is Stored Cross‑Site Scripting caused by insufficient input sanitization and output escaping on user-supplied attributes in multiple widgets. Affected versions are all up to and including 2.5.5. ...

WordPress Plugin HT Mega Absolute Addons For Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

WordPress Plugin HT Mega Absolute Addons For Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...