CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2024/05/02 4:52 p.m.•11 views

CVE-2024-2084 HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS6.1AI score0.0032EPSS

CVE•added 2024/05/02 4:52 p.m.•67 views

CVE-2024-2084

CVE-2024-2084 affects HT Mega – Absolute Addons For Elementor (WordPress) via the lightbox widget. Connected sources confirm a Stored XSS due to insufficient input sanitization and output escaping for user-supplied attributes in versions up to and including 2.4.6. Impact requires authentication a...

6.4CVSS5.7AI score0.0032EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/05/02 4:52 p.m.•12 views

CVE-2023-6214 HT Mega – Absolute Addons For Elementor <= 2.4.6 - Sensitive Information Exposure via purchased_products

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchasedproducts function. This makes it possible for unauthenticatied attackers to extract sensitive data including the previous 7...

7.5CVSS5.9AI score0.00614EPSS

CVE•added 2024/05/02 4:52 p.m.•51 views

CVE-2023-6214

CVE-2023-6214 (HT Mega – Absolute Addons For Elementor) affects the WordPress plugin HT Mega up to version 2.4.6. The root issue is a data exposure in the purchased_products function, allowing unauthenticated access to the previous 7 days of order data and customer PII. The vulnerability is categ...

7.5CVSS6.4AI score0.00614EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2024/05/02 4:52 p.m.•12 views

CVE-2024-2790

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00323EPSS

Vulnrichment•added 2024/05/02 4:51 p.m.•14 views

CVE-2024-3308 HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00423EPSS

CVE•added 2024/05/02 4:51 p.m.•65 views

CVE-2024-2085

The CVE-2024-2085 issue affects HT Mega – Absolute Addons For Elementor (WordPress). It is a Stored XSS due to insufficient input sanitization and output escaping on the size attribute in multiple widgets. Affected versions are up to 2.4.6. Exploitation requires an authenticated user with contrib...

6.4CVSS5.7AI score0.0032EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/05/02 4:51 p.m.•27 views

CVE-2024-2085 HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size'

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.0032EPSS

7.5CVSS6.4AI score0.00614EPSS

WordPress plugin HT Mega 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

Exploits0References4

6.4CVSS6.3AI score0.0032EPSS

WordPress plugin HT Mega 安全漏洞

CNNVD•added 2024/05/02 12:0 a.m.•2 views

WordPress plugin HT Mega 安全漏洞

6.4CVSS6.3AI score0.00323EPSS

6.4CVSS6AI score0.00322EPSS

WordPress plugin HT Mega 安全漏洞

Exploits0References4

CNNVD•added 2024/05/02 12:0 a.m.•2 views

WordPress plugin HT Mega 安全漏洞

6.4CVSS6AI score0.00423EPSS

Positive Technologies•added 2024/05/02 12:0 a.m.•2 views

PT-2024-25112 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.4.9 Description: The issue is related to Stored Cross-Site Scripting via the Image Grid widget's attributes due to insufficient input sanitization a...

6.4CVSS5.9AI score0.00423EPSS

Exploits0References5

Positive Technologies•added 2024/05/02 12:0 a.m.•2 views

PT-2024-18748 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.4.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's lightbox widget due to insufficient input sanitization and...

6.4CVSS6AI score0.0032EPSS

Exploits0References5

6.4CVSS6.1AI score0.0032EPSS

WordPress plugin HT Mega 安全漏洞

OSV•added 2024/04/24 8:15 a.m.•2 views

CVE-2024-32782

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7...

6.5CVSS5.8AI score

Exploits0References1

NVD•added 2024/04/24 8:15 a.m.•10 views

CVE-2024-32782

Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.4.7...

6.5CVSS4.6AI score0.00871EPSS