6 matches found
HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation
The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the regrole parameter on the htmegaajaxregister function. This makes it possible for unauthenticated attackers to create administrator accounts. id...
CVE-2023-37999
creationtimestamp| type| source ---|---|--- 2025-01-30 02:17:49+00:00| seen| Telegram/mwOGtYpeLb6NwMm3XVbF1OQTZbiCjSFR5gPGLhNsdYvtZL9M 2025-12-01 02:41:35+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-37999.yaml 2025-12-04 21:02:37+00:00|...
CVE-2023-37999
Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0...
CVE-2023-37999 WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability
Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0...
CVE-2023-37999
HT Mega (Absolute Addons for Elementor) for WordPress
WordPress HT Mega Plugin <= 2.2.0 is vulnerable to Privilege Escalation
Software HT Mega Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37999 Patch priority High CVSS severity High 9.8 Developer HTMega PSID bbe5238c947f Credits Rafie Muhammad Patchstac...