cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8910,https://securityvulnerability.io/vulnerability/CVE-2024-8910,Sensitive Information Exposure in Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress has a vulnerability that allows for the exposure of sensitive information. All versions up to and including 2.6.5 are susceptible to this issue, specifically through the render function located in includes/widgets/htmega_accordion.php. This vulnerability permits authenticated users with Contributor-level access and higher to improperly access and extract confidential data related to private, pending, and draft templates, potentially compromising the security and integrity of affected WordPress sites.",Wordpress,Ht Mega - Absolute Addons For Elementor Page Builder,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-09-25T07:15:00.000Z,0
CVE-2024-5215,https://securityvulnerability.io/vulnerability/CVE-2024-5215,Stored Cross-Site Scripting Vulnerability Affects HT Mega's Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.000539999979082495,false,,true,false,false,,false,false,2024-06-26T06:56:03.593Z,0
CVE-2024-5173,https://securityvulnerability.io/vulnerability/CVE-2024-5173,Stored Cross-Site Scripting Vulnerability in Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-26T02:07:56.481Z,0
CVE-2024-4876,https://securityvulnerability.io/vulnerability/CVE-2024-4876,Stored Cross-Site Scripting Vulnerability in HT Mega's Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-21T11:02:28.418Z,0
CVE-2024-4875,https://securityvulnerability.io/vulnerability/CVE-2024-4875,Unauthorized Modification of Data and Loss of Data Vulnerability in HT Mega's Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.",Wordpress,Ht Mega – Absolute Addons For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-21T08:31:03.732Z,0
CVE-2024-3989,https://securityvulnerability.io/vulnerability/CVE-2024-3989,HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2024-3990,https://securityvulnerability.io/vulnerability/CVE-2024-3990,Stored Cross-Site Scripting Vulnerability in Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2024-3307,https://securityvulnerability.io/vulnerability/CVE-2024-3307,Stored Cross-Site Scripting Vulnerability in Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-02T16:52:37.182Z,0
CVE-2024-2084,https://securityvulnerability.io/vulnerability/CVE-2024-2084,Stored Cross-Site Scripting in HT Mega – Absolute Addons For Elementor Plugin for WordPress,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through its lightbox widget. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes, enabling authenticated attackers with contributor-level and higher permissions to inject malicious web scripts. These scripts, once injected, will execute whenever users access the affected pages, posing significant risks to site integrity and user safety.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:23.686Z,0
CVE-2023-6214,https://securityvulnerability.io/vulnerability/CVE-2023-6214,Sensitive Information Exposure in HT Mega Plugin for WordPress by Absolute Addons,"The HT Mega – Absolute Addons For Elementor plugin for WordPress introduces a vulnerability that exposes sensitive information due to improper access controls in the purchased_products function. This weakness allows unauthenticated attackers to retrieve sensitive data, including order details and personally identifiable information (PII) of customers, from the past seven days. Webmasters and site administrators using this plugin should take immediate action to secure their installations to prevent unauthorized data access.",Wordpress,Ht Mega – Absolute Addons For Elementor,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:07.346Z,0
CVE-2024-2790,https://securityvulnerability.io/vulnerability/CVE-2024-2790,Stored Cross-Site Scripting in HT Mega – Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its Accordion widget. This flaw arises from inadequate input sanitization and output escaping of user-supplied attributes. As a result, attackers with contributor-level access and above can inject malicious web scripts into pages. These scripts will execute when users access the compromised pages, potentially leading to unauthorized actions and data breaches.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:06.878Z,0
CVE-2024-3308,https://securityvulnerability.io/vulnerability/CVE-2024-3308,Stored Cross-Site Scripting in HT Mega – Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) attacks. This issue arises from inadequate input sanitization and output escaping in the Image Grid widget's attributes. Authenticated attackers with contributor access or higher can exploit this vulnerability to inject malicious scripts into pages, which will execute when other users access the compromised pages. This poses significant risks to user data integrity and application security.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:57.833Z,0
CVE-2024-2085,https://securityvulnerability.io/vulnerability/CVE-2024-2085,Stored Cross-Site Scripting Vulnerability in HT Mega Plugin for WordPress,"The HT Mega – Absolute Addons For Elementor plugin for WordPress contains a vulnerability where the 'size' value in several widgets is susceptible to Stored Cross-Site Scripting. This arises from inadequate input sanitization and output escaping of user-supplied attributes. As a result, authenticated users with contributor-level permissions or higher could exploit this vulnerability to inject malicious web scripts into pages. Such scripts would execute automatically when any user accesses the manipulated page, potentially compromising user data and site integrity.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:45.471Z,0
CVE-2024-1974,https://securityvulnerability.io/vulnerability/CVE-2024-1974,Directory Traversal Vulnerability in HT Mega's Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is affected by a Directory Traversal vulnerability present in all versions up to and including 2.4.6. This flaw exists in the render function, enabling authenticated attackers with contributor access or higher to exploit the vulnerability. Successful exploitation can lead to unauthorized access to sensitive files on the server, potentially exposing critical information. It is essential for users and administrators of the affected versions to apply updates to mitigate this security risk.",Wordpress,Ht Mega – Absolute Addons For Elementor,6.5,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2024-04-09T18:58:34.032Z,0
CVE-2024-1421,https://securityvulnerability.io/vulnerability/CVE-2024-1421,Stored Cross-Site Scripting Vulnerability in Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-12T22:32:26.560Z,0
CVE-2024-1397,https://securityvulnerability.io/vulnerability/CVE-2024-1397,Stored Cross-Site Scripting Vulnerability in HT Mega's Absolute Addons For Elementor Plugin,"The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ht Mega – Absolute Addons For Elementor,5.4,MEDIUM,0.000750000006519258,false,,false,false,false,,false,false,2024-03-12T22:32:26.001Z,0
CVE-2021-24261,https://securityvulnerability.io/vulnerability/CVE-2021-24261,HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS,"The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.",Wordpress,Ht Mega – Absolute Addons For Elementor Page Builder,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2021-05-05T18:28:46.000Z,0