3 matches found
CVE-2024-4876
CVE-2024-4876 refers to HT Mega – Absolute Addons For Elementor (WordPress). Connected Red Hat/Wordfence data confirm a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping in the popover_header_text parameter, affecting HT Mega versions up to 2.5.2...
CVE-2024-4876 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popoverheadertext’ parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
WordPress HT Mega Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)
Software HT Mega Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4876 Patch priority Low CVSS severity Low 6.5 Developer HTMega PSID feb0aa615e6b Credits wesley wcraft Required privilege...