WordPress HT Mega plugin < 3.0.7 - Unauthenticated PII Disclosure vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Sensitive Data Exposure
Score:
7.5
Fixed in Version 3.0.7

Timeline

Publicly Published
2026-04-24
Created
2026-04-24

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.4.7

Timeline

Publicly Published
2026-02-02
Created
2026-02-02

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.5.0

Timeline

Publicly Published
2026-02-02
Created
2026-02-02

WordPress HT Mega plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.5.1

Timeline

Publicly Published
2026-02-02
Created
2026-02-02

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.5.6

Timeline

Publicly Published
2026-02-02
Created
2026-02-02

WordPress HT Mega – Absolute Addons For Elementor plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 3.0.1

Timeline

Publicly Published
2025-11-20
Created
2025-11-20

WordPress HT Mega plugin <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Path Traversal
Score:
4.3
Fixed in Version 2.9.2

Timeline

Publicly Published
2025-07-31
Created
2025-07-31

WordPress HT Mega plugin <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Sensitive Data Exposure
Score:
4.3
Fixed in Version 2.9.2

Timeline

Publicly Published
2025-07-31
Created
2025-07-31

WordPress HT Mega plugin <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Broken Access Control
Score:
4.3
Fixed in Version 2.9.2

Timeline

Publicly Published
2025-07-31
Created
2025-07-31

WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Broken Access Control
Score:
5.4
Fixed in Version 2.9.1

Timeline

Publicly Published
2025-07-30
Created
2025-07-30

WordPress HT Mega plugin <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.8.4

Timeline

Publicly Published
2025-03-20
Created
2025-03-20

WordPress HT Mega plugin <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.8.3

Timeline

Publicly Published
2025-03-08
Created
2025-03-08

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.8.2

Timeline

Publicly Published
2025-02-10
Created
2025-02-10

WordPress HT Mega plugin <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.7.7

Timeline

Publicly Published
2025-02-03
Created
2025-02-03

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Sensitive Data Exposure
Score:
4.3
Fixed in Version 2.6.6

Timeline

Publicly Published
2024-09-25
Created
2024-09-25

WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Path Traversal
Score:
6.5
Fixed in Version 2.5.8

Timeline

Publicly Published
2024-07-11
Created
2024-07-11

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.5.5 - Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.5.6

Timeline

Publicly Published
2024-06-26
Created
2024-06-26

WordPress HT Mega plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.5.3

Timeline

Publicly Published
2024-05-21
Created
2024-05-21

WordPress HT Mega plugin <= 2.5.2 - Missing Authorization to Options Update vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Broken Access Control
Score:
4.3
Fixed in Version 2.5.3

Timeline

Publicly Published
2024-05-21
Created
2024-05-21

WordPress HT Mega plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.5.1

Timeline

Publicly Published
2024-05-08
Created
2024-05-08

WordPress HT Mega plugin <= 2.4.7 - Sensitive Data Exposure vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Sensitive Data Exposure
Score:
4.3
Fixed in Version 2.4.8

Timeline

Publicly Published
2024-04-22
Created
2024-04-22

WordPress HT Mega plugin <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion/FAQ vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.4.9

Timeline

Publicly Published
2024-04-17
Created
2024-04-17

WordPress HT Mega plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.4.7

Timeline

Publicly Published
2024-04-17
Created
2024-04-17

WordPress HT Mega plugin <= 2.4.6 - Sensitive Information Exposure via purchased_products vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Sensitive Data Exposure
Score:
7.5
Fixed in Version 2.4.7

Timeline

Publicly Published
2024-04-17
Created
2024-04-17

WordPress HT Mega plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.5.0

Timeline

Publicly Published
2024-04-17
Created
2024-04-17

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.4.4

Timeline

Publicly Published
2024-03-25
Created
2024-03-25

WordPress HT Mega plugin <= 2.4.6 - Authenticated (Contributor+) Directory Traversal vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Directory Traversal
Score:
7.7
Fixed in Version 2.4.7

Timeline

Publicly Published
2024-03-14
Created
2024-03-14

WordPress HT Mega plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.4.7

Timeline

Publicly Published
2024-03-12
Created
2024-03-12

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 2.4.5

Timeline

Publicly Published
2024-03-12
Created
2024-03-12

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Request Forgery (CSRF)
Score:
4.3
Fixed in Version 2.3.4

Timeline

Publicly Published
2023-12-27
Created
2023-12-27

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
7.1
Fixed in Version 2.3.9

Timeline

Publicly Published
2023-12-26
Created
2023-12-26

WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Privilege Escalation
Score:
9.8
Fixed in Version 2.2.1

Timeline

Publicly Published
2023-07-14
Created
2023-08-21