104 matches found
WordPress plugin HT Mega – Absolute Addons For Elementor 授权问题漏洞
WordPress HT Mega - Absolute Addons For Elementor plugin is an Elementor page builder plugin designed specifically for WordPress, offering over 100 custom widgets, 360+ preset modules, and multiple templates for blogs, sliders , collapsible menus and other page elements. A vulnerability exists in...
PT-2025-31504 · Elementor +1 · Elementor +1
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2 Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to unauthorized modification and data loss. This is due to an...
PT-2025-31505 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2 Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to a path traversal issue. This allows authenticated attackers...
PT-2025-31507 · WordPress +1 · Absolute Addons For Elementor +1
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2 Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to sensitive information exposure due to the get post data...
CVE-2025-53206 WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows Stored XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through = 1.0....
CVE-2024-1397
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it...
CVE-2024-3990
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-5173
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-3308
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-4875
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajaxdismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...
CVE-2024-2085
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-1802
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘markertitle’, 'notificationcontent', and 'sttbuttontext' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This...
CVE-2025-1802
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘markertitle’, 'notificationcontent', and 'sttbuttontext' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This...
CVE-2025-1802 HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘markertitle’, 'notificationcontent', and 'sttbuttontext' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This...
CVE-2025-1802
CVE-2025-1802 (HT Mega – Absolute Addons For Elementor, WordPress) : Stored Cross-Site Scripting via the marker_title, notification_content, and stt_button_text parameters affects all versions up to and including 2.8.3. Root cause is insufficient input sanitization and output escaping. This enabl...
CVE-2025-1261 HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2025-1261
CVE-2025-1261 affects HT Mega – Absolute Addons For Elementor (WordPress) up to version 2.8.2. It is a DOM-Based Stored Cross-Site Scripting vulnerability in the Countdown widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authe...
WordPress HT Mega plugin <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin HT Mega versions = 2.8.2...
WordPress plugin HT Mega 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-12599
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...