Hasthemes Ht_mega

30 CVEs affecting Hasthemes Ht_mega. Latest disclosed: 2025-07-31. Critical: 1, High: 3.

Top CVEs affecting Hasthemes Ht_mega
CVESeverityScorePublishedSummary
CVE-2023-37999Critical9.82024-05-17Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.
CVE-2024-1974High8.82024-04-09The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the rende…
CVE-2023-6214High7.52024-05-02The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 vi…
CVE-2023-50901High7.12023-12-29Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows…
CVE-2024-38706Medium6.52024-07-12Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.5.7.
CVE-2024-30182Medium6.52024-03-27Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects…
CVE-2025-1802Medium6.42025-03-20The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', a…
CVE-2025-1261Medium6.42025-03-08The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in al…
CVE-2024-12599Medium6.42025-02-11The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions…
CVE-2024-12597Medium6.42025-02-04The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in…
CVE-2024-5215Medium6.42024-06-26The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and i…
CVE-2024-5173Medium6.42024-06-26The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versi…
CVE-2024-4876Medium6.42024-05-21The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versio…
CVE-2024-3990Medium6.42024-05-14The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions…
CVE-2024-3989Medium6.42024-05-14The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all ve…
CVE-2024-3308Medium6.42024-05-02The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all ver…
CVE-2024-3307Medium6.42024-05-02The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all vers…
CVE-2024-2790Medium6.42024-05-02The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and i…
CVE-2024-2085Medium6.42024-05-02The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versi…
CVE-2024-2084Medium6.42024-05-02The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions…