Filtered by vendor Hasthemes
Subscribe
Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1397 | 1 Hasthemes | 1 Ht Mega | 2026-04-08 | N/A | 6.4 MEDIUM |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-7067 | 1 Hasthemes | 1 Shoplentor | 2026-04-08 | N/A | 4.3 MEDIUM |
| The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with contributor access and above to access the nonce used to access this function and set a blank template as the default template. | |||||
| CVE-2023-6214 | 1 Hasthemes | 1 Ht Mega | 2026-04-08 | N/A | 7.5 HIGH |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchased_products function. This makes it possible for unauthenticatied attackers to extract sensitive data including the previous 7 days of order data including products and customer PII. | |||||
| CVE-2024-3989 | 1 Hasthemes | 1 Ht Mega | 2026-04-08 | N/A | 6.4 MEDIUM |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-2868 | 1 Hasthemes | 1 Shoplentor | 2026-04-08 | N/A | 6.4 MEDIUM |
| The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-2085 | 1 Hasthemes | 1 Ht Mega | 2026-04-08 | N/A | 6.4 MEDIUM |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-1974 | 1 Hasthemes | 1 Ht Mega | 2026-04-08 | N/A | 8.8 HIGH |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2024-1176 | 1 Hasthemes | 1 Ht Easy Ga4 | 2026-04-08 | N/A | 5.3 MEDIUM |
| The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4. | |||||
| CVE-2024-12599 | 1 Hasthemes | 1 Ht Mega | 2026-04-08 | N/A | 6.4 MEDIUM |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-6327 | 1 Hasthemes | 1 Shoplentor | 2026-04-08 | N/A | 5.3 MEDIUM |
| The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them. | |||||
| CVE-2025-58990 | 1 Hasthemes | 1 Shoplentor | 2026-04-01 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems ShopLentor woolentor-addons allows Stored XSS.This issue affects ShopLentor: from n/a through <= 3.2.0. | |||||
| CVE-2025-26917 | 1 Hasthemes | 1 Wp Templata | 2026-04-01 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WP Templata wptemplata allows Reflected XSS.This issue affects WP Templata: from n/a through <= 1.0.7. | |||||
| CVE-2025-24695 | 1 Hasthemes | 1 Extensions For Cf7 | 2026-04-01 | N/A | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0. | |||||
| CVE-2024-51682 | 1 Hasthemes | 1 Ht Builder | 2026-04-01 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor ht-builder allows Stored XSS.This issue affects HT Builder – WordPress Theme Builder for Elementor: from n/a through <= 1.3.0. | |||||
| CVE-2024-51673 | 1 Hasthemes | 1 Ht Politic | 2026-04-01 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Politic wp-politic allows DOM-Based XSS.This issue affects HT Politic: from n/a through <= 2.4.4. | |||||
| CVE-2024-49630 | 1 Hasthemes | 1 Wp Education | 2026-04-01 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems WP Education wp-education allows Stored XSS.This issue affects WP Education: from n/a through <= 1.2.8. | |||||
| CVE-2024-38706 | 1 Hasthemes | 1 Ht Mega | 2026-04-01 | N/A | 8.8 HIGH |
| Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.5.7. | |||||
| CVE-2024-32782 | 1 Hasthemes | 1 Ht Mega | 2026-04-01 | N/A | 6.5 MEDIUM |
| Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.4.7. | |||||
| CVE-2024-30182 | 1 Hasthemes | 1 Ht Mega | 2026-04-01 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.4.3. | |||||
| CVE-2025-64271 | 1 Hasthemes | 1 Wp Plugin Manager | 2026-02-13 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through <= 1.4.7. | |||||