Hasthemes Ht_mega
30 CVEs affecting Hasthemes Ht_mega. Latest disclosed: 2025-07-31. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-37999 | Critical | 9.8 | 2024-05-17 | Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0. |
CVE-2024-1974 | High | 8.8 | 2024-04-09 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the rende… |
CVE-2023-6214 | High | 7.5 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 vi… |
CVE-2023-50901 | High | 7.1 | 2023-12-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows… |
CVE-2024-38706 | Medium | 6.5 | 2024-07-12 | Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.5.7. |
CVE-2024-30182 | Medium | 6.5 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects… |
CVE-2025-1802 | Medium | 6.4 | 2025-03-20 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', a… |
CVE-2025-1261 | Medium | 6.4 | 2025-03-08 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in al… |
CVE-2024-12599 | Medium | 6.4 | 2025-02-11 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions… |
CVE-2024-12597 | Medium | 6.4 | 2025-02-04 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in… |
CVE-2024-5215 | Medium | 6.4 | 2024-06-26 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and i… |
CVE-2024-5173 | Medium | 6.4 | 2024-06-26 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versi… |
CVE-2024-4876 | Medium | 6.4 | 2024-05-21 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versio… |
CVE-2024-3990 | Medium | 6.4 | 2024-05-14 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions… |
CVE-2024-3989 | Medium | 6.4 | 2024-05-14 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all ve… |
CVE-2024-3308 | Medium | 6.4 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all ver… |
CVE-2024-3307 | Medium | 6.4 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all vers… |
CVE-2024-2790 | Medium | 6.4 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and i… |
CVE-2024-2085 | Medium | 6.4 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versi… |
CVE-2024-2084 | Medium | 6.4 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions… |