Ht Mega Security Vulnerabilities and Issues — Ht Mega CVE List

Lucene search

HasthemesHt Mega

7 matches found

CVE•added 2025/03/20 12:15 p.m.•55 views

CVE-2025-1802

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', and 'stt_button_text' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This...

6.4CVSS5.8AI score0.0006EPSS

CVE•added 2025/02/11 5:15 a.m.•49 views

CVE-2024-12599

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...

7.2CVSS6.1AI score0.00055EPSS

CVE•added 2025/02/04 7:15 a.m.•40 views

CVE-2024-12597

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS5.7AI score0.00037EPSS

CVE•added 2025/03/08 2:15 a.m.•39 views

CVE-2025-1261

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00206EPSS

CVE•added 2025/07/31 12:15 p.m.•9 views

CVE-2025-8068

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajax_trash_templates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, wi...

4.3CVSS6.3AI score0.00032EPSS

CVE•added 2025/07/31 12:15 p.m.•8 views

CVE-2025-8151

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...

4.3CVSS6.2AI score0.00042EPSS

CVE•added 2025/07/31 12:15 p.m.•7 views

CVE-2025-8401

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'get_post_data' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive...

4.3CVSS6.2AI score0.00032EPSS