854 matches found
WordPress HT Mega plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin HT Mega versions <= 2.4.9...
WordPress HT Mega Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: HT Mega; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2790; Patch priority: Low; CVSS severity: Low (6.5); Developer: HTMega; PSID: 4a7e7d012646; Credits: Ngô Thiên An ancorn - VNPT-VCI Dau Hoang...
WordPress HT Mega Plugin <= 2.4.9 is vulnerable to Cross Site Scripting (XSS)
Software: HT Mega; Type: Plugin; Vulnerable versions: <= 2.4.9; Fixed in: 2.5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3307; Patch priority: Low; CVSS severity: Low (6.5); Developer: HTMega; PSID: d87a1e471944; Credits: Webbernaut; Required privilege: Contributor...
HT Mega < 2.4.7 - Contributor+ Stored XSS via size
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to...
HT Mega < 2.4.7 - Unauthenticated Order Data Disclosure
Description: The plugin is vulnerable to Sensitive Information Exposure via the purchasedproducts function, allowing unauthenticated attackers to extract sensitive data including the previous 7 days of order data including products and customer PII...
HT Mega < 2.4.9 - Contributor+ Stored XSS via Accordion/FAQ
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the Accordion widget due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
HT Mega < 2.5.0 - Contributor+ Stored XSS via Countdown Widget
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that...
WordPress HT Mega Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)
Software: HT Mega; Type: Plugin; Vulnerable versions: <= 2.4.6; Fixed in: 2.4.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2085; Patch priority: Low; CVSS severity: Low (6.5); Developer: HTMega; PSID: ff91a9cf39da; Credits: wesley wcraft; Required privilege...
WordPress Plugin Mega Addons For Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
HT Mega < 2.5.0 - Contributor+ Stored XSS via Image Grid Widget
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages th...
WordPress HT Mega Plugin <= 2.4.6 is vulnerable to Sensitive Data Exposure
Software: HT Mega; Type: Plugin; Vulnerable versions: <= 2.4.6; Fixed in: 2.4.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-6214; Patch priority: High; CVSS severity: High (7.5); Developer: HTMega; PSID: 4ecd8a800f95; Credits: Francesco Carlucci; Required privilege...
WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Mega Elements versions <= 1.1.9...
WordPress Mega Elements Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: Mega Elements; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: 1.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32575; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: b1637cfd5a7d; Credits: Khalid Yusuf; Required privilege...
WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Friday (Patchstack Alliance) in WordPress Plugin Mega Addons For Elementor versions <= 1.8...
CVE-2024-1974
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files...
CVE-2024-1974 HT Mega – Absolute Addons For Elementor <= 2.4.5 - Authenticated (Contributor+) Directory Traversal
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files...
WordPress Plugin HT Mega Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-18463 · WordPress · Ht Mega – Absolute Addons For Elementor
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.4.7. Description: The issue allows authenticated attackers with contributor access or higher to read the contents of arbitrary files on the server, potentially...
HT Mega < 2.4.4 - Contributor+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...