Hasthemes

Ht Mega

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-8068

  • EPSS 0.03%
  • Veröffentlicht 31.07.2025 11:19:13
  • Zuletzt bearbeitet 13.08.2025 19:32:40

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajax_trash_templates' function in all versions up to, and including, 2.9.1. This ...

4.3

CVE-2025-8401

  • EPSS 0.03%
  • Veröffentlicht 31.07.2025 11:19:12
  • Zuletzt bearbeitet 13.08.2025 19:31:59

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'get_post_data' function. This makes it possible for authenticated attackers, with Au...

4.3

CVE-2025-8151

  • EPSS 0.07%
  • Veröffentlicht 31.07.2025 11:19:12
  • Zuletzt bearbeitet 13.08.2025 19:32:22

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible for authenticated attackers, with Author-level acce...

5.4

CVE-2025-1802

  • EPSS 0.14%
  • Veröffentlicht 20.03.2025 11:11:27
  • Zuletzt bearbeitet 26.03.2025 18:22:17

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', and 'stt_button_text' parameters in all versions up to, and including, 2.8.3 due to insuffic...

5.4

CVE-2025-1261

  • EPSS 0.08%
  • Veröffentlicht 08.03.2025 02:15:34
  • Zuletzt bearbeitet 24.03.2025 18:32:02

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output es...

6.1

CVE-2024-12599

  • EPSS 0.14%
  • Veröffentlicht 11.02.2025 05:15:12
  • Zuletzt bearbeitet 28.03.2025 18:30:49

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on ...

5.4

CVE-2024-12597

  • EPSS 0.08%
  • Veröffentlicht 04.02.2025 07:15:12
  • Zuletzt bearbeitet 05.02.2025 14:58:45

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output...

4.3

CVE-2024-8910

  • EPSS 0.23%
  • Veröffentlicht 25.09.2024 07:15:04
  • Zuletzt bearbeitet 03.10.2024 17:34:27

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for ...

8.8

CVE-2024-38706

  • EPSS 1.24%
  • Veröffentlicht 12.07.2024 14:15:15
  • Zuletzt bearbeitet 05.02.2025 15:19:38

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HasThemes HT Mega allows Path Traversal.This issue affects HT Mega: from n/a through 2.5.7.

5.4

CVE-2024-5215

  • EPSS 0.19%
  • Veröffentlicht 26.06.2024 07:15:11
  • Zuletzt bearbeitet 28.01.2025 19:17:56

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied...