CVE-2025-54695 WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HT Mega: from n/a through = 2.9.0...

WordPress HT Mega plugin has unspecified vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress, offering over 100 custom widgets, 360+ preset modules, and a variety of templates for blogs, sliders, collapsible menus, and other page elements. A security vulnerability exists in WordPress HT Mega plugin, which...

WordPress HT Mega plugin path traversal vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress, offering over 100 custom widgets, 360+ preset modules, and a variety of templates for blogs, sliders, collapsible menus, and other page elements. A path traversal vulnerability exists in the WordPress HT Mega...

WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin HT Mega – Absolute Addons for WPBakery Page Builder versions = 1.0.8...

WordPress HT Mega plugin <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin HT Mega versions = 2.8.3...

WordPress HT Mega plugin <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via blockcss and innercss vulnerability discovered by Sean Murphy in WordPress Plugin HT Mega versions = 2.7.6...

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id vulnerability

Authenticated Contributor+ Sensitive Information Exposure via templateid vulnerability discovered by Ankit Patel in WordPress Plugin HT Mega versions = 2.6.5...

WordPress HT Mega Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software HT Mega Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5215 Patch priority Low CVSS severity Low 6.5 Developer HTMega PSID 8a3ce85176b1 Credits stealthcopter Required privilege...

WordPress HT Mega Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software HT Mega Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4876 Patch priority Low CVSS severity Low 6.5 Developer HTMega PSID feb0aa615e6b Credits wesley wcraft Required privilege...

WordPress HT Mega Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software HT Mega Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3990 Patch priority Low CVSS severity Low 6.5 Developer HTMega PSID 6e65dea1b0e6 Credits wesley wcraft Required privilege...

WordPress HT Mega Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)

Software HT Mega Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2790 Patch priority Low CVSS severity Low 6.5 Developer HTMega PSID 4a7e7d012646 Credits Ngô Thiên An ancorn - VNPT-VCI Dau Hoang...

CVE-2024-30182 WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.4.3...

WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS)

Software HT Mega Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50901 Patch priority Medium CVSS severity Medium 7.1 Developer HTMega PSID 46290c97b255 Credits Le Ngoc Anh Required privilege Unauthenticated...