HT Mega

DevItems

Developer

3.0.7

Latest version

80,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

33 patched

5 Mitigation rules

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget vulnerability
<= 2.4.6
02/02/2026
WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget vulnerability
<= 2.4.9
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify vulnerability
<= 2.5.0
02/02/2026
WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings vulnerability
<= 2.5.5
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection vulnerability
<= 3.0.0
20/11/2025
Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions vulnerability
<= 2.9.1
31/07/2025
Authenticated (Author+) Sensitive Information Exposure vulnerability
<= 2.9.1
31/07/2025
Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions vulnerability
<= 2.9.1
31/07/2025
Broken Access Control Vulnerability
<= 2.9.0
30/07/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
<= 2.8.3
20/03/2025
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget vulnerability
<= 2.8.2
08/03/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
<= 2.8.1
10/02/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css vulnerability
<= 2.7.6
03/02/2025
Authenticated (Contributor+) Sensitive Information Exposure via template_id vulnerability
<= 2.6.5
25/09/2024
JSON Path Traversal vulnerability
<= 2.5.7
11/07/2024
Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability
<= 2.5.5
26/06/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.5.2
21/05/2024
Missing Authorization to Options Update vulnerability
<= 2.5.2
21/05/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget vulnerability
<= 2.5.0
08/05/2024
Sensitive Data Exposure vulnerability
<= 2.4.7
22/04/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion/FAQ vulnerability
<= 2.4.8
17/04/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.4.6
17/04/2024
Sensitive Information Exposure via purchased_products vulnerability
<= 2.4.6
17/04/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.4.9
17/04/2024
Cross Site Scripting (XSS) vulnerability
<= 2.4.3
25/03/2024
Authenticated (Contributor+) Directory Traversal vulnerability
<= 2.4.6
14/03/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag vulnerability
<= 2.4.6
12/03/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget vulnerability
<= 2.4.4
12/03/2024
Cross Site Request Forgery (CSRF) vulnerability
<= 2.3.3
27/12/2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 2.3.8
26/12/2023
Unauthenticated Privilege Escalation vulnerability
<= 2.2.0
14/07/2023
SQL injection (SQLi) vulnerability
<= 1.6.9
20/12/2021
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
<= 1.5.5
13/04/2021