What is CVE-2026-4106?

CVE-2026-4106 is a vulnerability in Ht Mega Addons For Elementor, classified under CWE-200 INFORMATION EXPOSURE. Published 2026-04-23.

Is CVE-2026-4106 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ht Mega Addons For Elementor

CVE-2026-4106

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days

EPSS: 0.004 (60.4th percentile) — read the EPSS interpretation.

Affected products

Unknown Ht Mega Addons For Elementor — versions 0

Public proof-of-concept exploits

ef3tr/CVE-2026-4106

References

wpscan.com/vulnerability/9477ead2-3990-4aae-8e66-09ee2f4daa3e/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2026-4106?: CVE-2026-4106 is a vulnerability in Ht Mega Addons For Elementor, classified under CWE-200 INFORMATION EXPOSURE. Published 2026-04-23.
Is CVE-2026-4106 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.