854 matches found
WordPress HT Mega plugin <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions vulnerability
Improper Authorization to Authenticated Contributor+ Limited Administrator Actions vulnerability discovered by wesley wcraft in WordPress Plugin HT Mega versions = 2.9.1...
CVE-2025-8401
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'getpostdata' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive...
CVE-2025-8401
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'getpostdata' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive...
CVE-2025-8151
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...
CVE-2025-8068
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajaxtrashtemplates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, wi...
CVE-2025-8068
The CVE-2025-8068 issue affects the WordPress plugin HT Mega – Absolute Addons For Elementor. A vulnerability in the ajax_trash_templates function arises from an improper capability check, making authenticated users with Contributor-level access and above able to delete arbitrary attachment files...
CVE-2025-8068 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajaxtrashtemplates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, wi...
CVE-2025-8068 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajaxtrashtemplates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, wi...
CVE-2025-8401
The CVE concerns the WordPress plugin HT Mega – Absolute Addons For Elementor (WordPress) with vulnerable behavior in get_post_data. All versions up to and including 2.9.1 allow authenticated attackers with Author-level access or higher to disclose sensitive information, including the content of ...
CVE-2025-8401 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'getpostdata' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive...
CVE-2025-8151 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...
CVE-2025-8401 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'getpostdata' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive...
CVE-2025-8151 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...
CVE-2025-8151
CVE-2025-8151 (HT Mega – Absolute Addons For Elementor) is a path traversal vulnerability in the WordPress plugin HT Mega up to version 2.9.1. The flaw resides in the save_block_css function and can be exploited by an authenticated user with Author+ privileges to create and delete CSS files in an...
PT-2025-31507 · WordPress +1 · Absolute Addons For Elementor +1
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2 Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to sensitive information exposure due to the get post data...
WordPress plugin HT Mega 安全漏洞
WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress, offering over 100 custom widgets, 360+ preset modules, and a variety of templates for blogs, sliders, collapsible menus, and other page elements. A security vulnerability exists in WordPress HT Mega plugin, which...
WordPress plugin HT Mega – Absolute Addons For Elementor 授权问题漏洞
WordPress HT Mega - Absolute Addons For Elementor plugin is an Elementor page builder plugin designed specifically for WordPress, offering over 100 custom widgets, 360+ preset modules, and multiple templates for blogs, sliders , collapsible menus and other page elements. A vulnerability exists in...
PT-2025-31505 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2 Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to a path traversal issue. This allows authenticated attackers...
WordPress plugin HT Mega 径遍历漏洞
WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress, offering over 100 custom widgets, 360+ preset modules, and a variety of templates for blogs, sliders, collapsible menus, and other page elements. A path traversal vulnerability exists in the WordPress HT Mega...
PT-2025-31504 · Elementor +1 · Elementor +1
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2 Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to unauthorized modification and data loss. This is due to an...