2 matches found
WordPress HT Mega plugin <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions vulnerability
Authenticated Author+ Path Traversal to Limited Arbitrary CSS File Actions vulnerability discovered by wesley wcraft in WordPress Plugin HT Mega versions = 2.9.1...
CVE-2025-8151 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...