HashThemes — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting HashThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by HashThemes:Easy Elementor Addons Hash Elements Hash Form – Drag & Drop Form Builder Total Smart Blocks Hashthemes Demo Importer Viral News Viral Mag Square Hash Form Easy Elementor Addons – Addons Pack for Elementor Page Builder Mini Ajax Cart for WooCommerce

CVE ID	Title	CVSS	Severity	Published
CVE-2026-6370	WordPress Mini Ajax Cart for WooCommerce plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability — Mini Ajax Cart for WooCommerceCWE-79	5.9	Medium	2026-04-15
CVE-2025-9045	Easy Elementor Addons <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Easy Elementor Addons – Addons Pack for Elementor Page BuilderCWE-79	6.4	Medium	2025-10-03
CVE-2025-58973	WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability — Easy Elementor AddonsCWE-98	7.5	High	2025-09-22
CVE-2025-59561	WordPress Smart Blocks Plugin <= 2.4 - Broken Access Control Vulnerability — Smart BlocksCWE-862	4.3	Medium	2025-09-22
CVE-2025-54712	WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability — Easy Elementor AddonsCWE-862	4.3	Medium	2025-08-14
CVE-2025-54704	WordPress Easy Elementor Addons plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability — Easy Elementor AddonsCWE-79	6.5	Medium	2025-08-14
CVE-2025-48295	WordPress Easy Elementor Addons plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability — Easy Elementor AddonsCWE-79	6.5	Medium	2025-07-16
CVE-2025-47468	WordPress Hash Form plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability — Hash FormCWE-352	4.3	Medium	2025-05-07
CVE-2025-26912	WordPress Easy Elementor Addons plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability — Easy Elementor AddonsCWE-79	6.5	Medium	2025-02-25
CVE-2025-26761	WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability — Easy Elementor AddonsCWE-79	6.5	Medium	2025-02-16
CVE-2025-22296	WordPress Hash Elements plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability — Hash ElementsCWE-79	6.5	Medium	2025-01-07
CVE-2023-28990	WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability — Viral MagCWE-862	4.3	Medium	2024-12-13
CVE-2023-27456	WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation — TotalCWE-862	4.3	Medium	2024-12-13
CVE-2024-12201	Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation — Hash Form – Drag & Drop Form BuilderCWE-862	4.3	Medium	2024-12-12
CVE-2023-30486	WordPress Square theme <= 2.0.0 - Broken Access Control — SquareCWE-862	4.3	Medium	2024-12-09
CVE-2024-10802	Hash Elements <= 1.4.7 - Missing Authorization to Unauthenticated Draft Post Title Exposure — Hash ElementsCWE-862	5.3	Medium	2024-11-13
CVE-2024-49270	WordPress Smart Blocks plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability — Smart BlocksCWE-79	6.5	Medium	2024-10-16
CVE-2024-9417	Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload — Hash Form – Drag & Drop Form BuilderCWE-434	6.1	Medium	2024-10-05
CVE-2024-5084	Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution — Hash Form – Drag & Drop Form BuilderCWE-434	9.8	Critical	2024-05-23
CVE-2024-5085	Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection — Hash Form – Drag & Drop Form BuilderCWE-502	8.1	High	2024-05-23
CVE-2024-5177	Hash Elements <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter in Multiple Widgets — Hash ElementsCWE-79	6.4	Medium	2024-05-23
CVE-2024-30426	WordPress Hash Elements plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability — Hash ElementsCWE-79	6.5	Medium	2024-03-29
CVE-2023-33923	Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes — Viral NewsCWE-862	4.3	Medium	2024-03-25
CVE-2024-1771	Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update — TotalCWE-862	4.3	Medium	2024-03-06
CVE-2021-39333	Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion — Hashthemes Demo ImporterCWE-284	8.1	High	2021-11-01

This page lists every published CVE security advisory associated with HashThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

HashThemes — Vulnerabilities & Security Advisories 25