7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Description The plugin does not have CSRF checks in various functions in its admin/include/template-library.php file, which could allow attackers to make logged in admins activate plugins/themes via CSRF attacks
patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability