Hasthemes

Ht Mega

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-5173

  • EPSS 0.31%
  • Veröffentlicht 26.06.2024 02:15:09
  • Zuletzt bearbeitet 28.01.2025 19:18:40

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping ...

5.4

CVE-2024-4876

  • EPSS 0.27%
  • Veröffentlicht 21.05.2024 11:15:09
  • Zuletzt bearbeitet 24.01.2025 13:44:58

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. ...

4.3

CVE-2024-4875

  • EPSS 3.84%
  • Veröffentlicht 21.05.2024 09:15:09
  • Zuletzt bearbeitet 28.01.2025 19:20:29

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it p...

9.8

CVE-2023-37999

  • EPSS 55.41%
  • Veröffentlicht 17.05.2024 07:15:57
  • Zuletzt bearbeitet 29.01.2025 21:45:25

Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.

5.4

CVE-2024-3990

  • EPSS 0.22%
  • Veröffentlicht 14.05.2024 15:42:40
  • Zuletzt bearbeitet 28.01.2025 19:23:34

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on u...

5.4

CVE-2024-3989

  • EPSS 0.23%
  • Veröffentlicht 14.05.2024 15:42:39
  • Zuletzt bearbeitet 28.01.2025 03:05:16

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escapi...

5.4

CVE-2024-3308

  • EPSS 0.18%
  • Veröffentlicht 02.05.2024 17:15:24
  • Zuletzt bearbeitet 28.01.2025 19:24:31

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escapin...

5.4

CVE-2024-3307

  • EPSS 0.21%
  • Veröffentlicht 02.05.2024 17:15:24
  • Zuletzt bearbeitet 28.01.2025 19:25:45

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping...

5.4

CVE-2024-2790

  • EPSS 0.18%
  • Veröffentlicht 02.05.2024 17:15:19
  • Zuletzt bearbeitet 28.01.2025 19:26:37

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied...

5.4

CVE-2024-2085

  • EPSS 0.13%
  • Veröffentlicht 02.05.2024 17:15:15
  • Zuletzt bearbeitet 28.01.2025 19:27:14

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping ...