4 matches found
CVE-2024-10802
CVE-2024-10802 : WordPress Hash Elements plugin vulnerable to unauthorized access due to a missing capability check on hash_elements_get_posts_title_by_id() in all versions
CVE-2024-5177
CVE-2024-5177 — Hash Elements (WordPress) : A stored XSS vulnerability via the url parameter in multiple widgets affects all versions up to 1.3.8. Exploitation requires authenticated access (contributor+). Wordfence notes the patch status as Patched; remediation is to apply the update where avail...
CVE-2024-30426
CVE-2024-30426 stems from an Improper Neutralization of Input During Web Page Generation (Stored XSS) in the WordPress plugin Hash Elements (Hash Themes). The vulnerability affects Hash Elements versions from n/a up to and including 1.3.3, enabling stored cross-site scripting via input that is no...
CVE-2025-22296
CVE-2025-22296 describes a Cross‑Site Scripting (XSS) vulnerability in WordPress Hash Elements (HashThemes) plugin. Affected versions are 1.4.9 and earlier, with the root cause being improper neutralization of input during web page generation. The impact is XSS exposure via user-supplied data. Re...