Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HT Mega Addons for Elementor – Elementor Widgets & Template Builder — Vulnerabilities & Security Advisories 24

All 24 CVE vulnerabilities found in HT Mega Addons for Elementor – Elementor Widgets & Template Builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: devitemsllc

CVE IDTitleCVSSSeverityPublished
CVE-2025-13141 HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection CWE-79 6.4 Medium2025-11-21
CVE-2025-8401 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure CWE-285 4.3 Medium2025-07-31
CVE-2025-8068 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions CWE-863 4.3 Medium2025-07-31
CVE-2025-8151 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions CWE-22 4.3 Medium2025-07-31
CVE-2025-1802 HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CWE-79 6.4 Medium2025-03-20
CVE-2025-1261 HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2025-03-08
CVE-2024-12599 HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2025-02-11
CVE-2024-12597 HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css CWE-79 6.4 Medium2025-02-04
CVE-2024-8910 HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id CWE-1230 4.3 Medium2024-09-25
CVE-2024-5215 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CWE-79 6.4 Medium2024-06-26
CVE-2024-5173 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings CWE-79 6.4 Medium2024-06-26
CVE-2024-4876 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-21
CVE-2024-4875 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update CWE-862 4.3 Medium2024-05-21
CVE-2024-3990 HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget CWE-79 6.4 Medium2024-05-09
CVE-2024-3989 HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify CWE-79 6.4 Medium2024-05-09
CVE-2024-3307 HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2024-05-02
CVE-2024-2084 HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget CWE-79 6.4 Medium2024-05-02
CVE-2023-6214 HT Mega – Absolute Addons For Elementor <= 2.4.6 - Sensitive Information Exposure via purchased_products CWE-200 7.5 High2024-05-02
CVE-2024-2790 HT Mega – Absolute Addons For Elementor <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion/FAQ CWE-79 6.4 Medium2024-05-02
CVE-2024-3308 HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget CWE-79 6.4 Medium2024-05-02
CVE-2024-2085 HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' CWE-79 6.4 Medium2024-05-02
CVE-2024-1974 HT Mega – Absolute Addons For Elementor <= 2.4.5 - Authenticated (Contributor+) Directory Traversal CWE-22 8.8 High2024-04-09
CVE-2024-1421 HT Mega – Absolute Addons For Elementor <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget CWE-79 6.4 Medium2024-03-12
CVE-2024-1397 HT Mega <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag CWE-79 6.4 Medium2024-03-12

All 24 known CVE vulnerabilities affecting HT Mega Addons for Elementor – Elementor Widgets & Template Builder with full Chinese analysis, references, and POCs where available.