CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

104 matches found

HT Mega < 3.0.7 - Sensitive Information Disclosure

The HT Mega plugin for WordPress is vulnerable to Sensitive Information Exposure via AJAX actions. This template dynamically extracts the security nonce before exploitation. id: CVE-2026-4106 info: name: HT Mega 3.0.7 - Sensitive Information Disclosure author: EFETR severity: high description: |...

5.3CVSS5.8AI score0.0039EPSS

Exploits1References2

Patchstack•added 2026/04/24 9:0 a.m.•4 views

WordPress HT Mega plugin < 3.0.7 - Unauthenticated PII Disclosure vulnerability

Unauthenticated PII Disclosure vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin HT Mega versions 3.0.7...

5.3CVSS5.2AI score0.0039EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/04/23 6:0 a.m.•26 views

CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...

0.0039EPSS

Exploits1References1

Patchstack•added 2026/02/02 9:16 a.m.•4 views

WordPress HT Mega plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gallery Justify vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin HT Mega versions = 2.5.0...

6.4CVSS5.3AI score0.00229EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/07 9:18 a.m.•8 views

CVE-2025-1261

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00361EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:13 a.m.•6 views

CVE-2024-2084

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.8AI score0.00148EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:13 a.m.•6 views

CVE-2024-2790

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00177EPSS

Exploits0References1

CNVD•added 2025/11/25 12:0 a.m.•3 views

WordPress HT Mega plugin cross-site scripting vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...

6.4CVSS5.9AI score0.00032EPSS

Exploits0References1

Cvelist•added 2025/11/21 8:28 a.m.•5 views

CVE-2025-13141 HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gutenberg blocks in all versions up to, and including, 3.0.0 due to insufficient input validation on user-supplied HTML tag names. This is due to the lack of a tag name...

6.4CVSS0.00032EPSS

Exploits0References2