Lucene search
K

702 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.32 views

CVE-2025-1261

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.20 views

CVE-2024-2084

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.9 views

CVE-2024-2790

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203185

The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidetitle' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping in JavaScript. This makes it possible for authenticated attackers, wi...

6.4CVSS4.7AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2025/12/13 4:16 p.m.6 views

CVE-2025-14278

The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidetitle' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping in JavaScript. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00192EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/13 3:20 a.m.28 views

CVE-2025-14278 HT Slider for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidetitle' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping in JavaScript. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00192EPSS
Exploits0References4
CVE
CVE
added 2025/12/13 3:20 a.m.16 views

CVE-2025-14278

CVE-2025-14278 refers to the HT Slider for Elementor WordPress plugin. The issue is a Stored Cross-Site Scripting (XSS) vulnerability via the slide_title parameter in all versions up to and including 1.7.4, caused by insufficient input sanitization and output escaping in JavaScript. Impact requir...

6.4CVSS4.7AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51047

The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide title' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping in JavaScript. This makes it possible for authenticated attackers,...

6.4CVSS5AI score0.00192EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.4 views

WordPress plugin HT Slider for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

6.4CVSS5.8AI score0.00192EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/12/12 10:10 p.m.7 views

WordPress HT Slider for Elementor plugin <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin HT Slider For Elementor versions = 1.7.4...

6.4CVSS5.5AI score0.00192EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/11/25 12:0 a.m.5 views

WordPress HT Mega plugin cross-site scripting vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...

6.4CVSS5.9AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 9:15 a.m.6 views

CVE-2025-13141

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gutenberg blocks in all versions up to, and including, 3.0.0 due to insufficient input validation on user-supplied HTML tag names. This is due to the lack of a tag name...

6.4CVSS0.00186EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/21 8:28 a.m.4 views

CVE-2025-13141 HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gutenberg blocks in all versions up to, and including, 3.0.0 due to insufficient input validation on user-supplied HTML tag names. This is due to the lack of a tag name...

6.4CVSS4.6AI score0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/21 8:28 a.m.10 views

CVE-2025-13141 HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gutenberg blocks in all versions up to, and including, 3.0.0 due to insufficient input validation on user-supplied HTML tag names. This is due to the lack of a tag name...

6.4CVSS0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.5 views

WordPress plugin HT Mega 跨站脚本漏洞

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...

6.4CVSS6AI score0.00186EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/20 11:41 p.m.8 views

WordPress HT Mega – Absolute Addons For Elementor plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Tag Attribute Injection vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin HT Mega versions = 3.0.0...

6.4CVSS6AI score0.00186EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/10 1:23 a.m.6 views

WordPress Insert Headers and Footers Code – HT Script plugin <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Insert Headers and Footers Code – HT Script versions = 1.1.6...

6.4CVSS6AI score0.00176EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/08 3:27 a.m.4 views

CVE-2025-12112 Insert Headers and Footers Code – HT Script <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting

The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adding scripts in all versions up to, and including, 1.1.6 due to insufficient capability checks. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2025/10/31 4:38 p.m.4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...

5.5CVSS6.3AI score0.00225EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-5759

Malware in sbrugna...

7.8CVSS6.4AI score0.0167EPSS
Exploits0References7
Rows per page
Query Builder