hasthemes — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting hasthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68533 | WordPress WC Builder plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | WC Builder | CWE-79 | 6.5 | Medium | 2025-12-24 |
| CVE-2025-14054 | WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute | WC Builder – WooCommerce Page Builder for WPBakery | CWE-79 | 4.4 | Medium | 2025-12-21 |
| CVE-2025-64271 | WordPress WP Plugin Manager plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability | WP Plugin Manager | CWE-352 | 4.3 | Medium | 2025-11-13 |
| CVE-2025-2719 | Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) | CWE-862 | 6.5 | Medium | 2025-04-10 |
| CVE-2025-26917 | WordPress WP Templata plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability | WP Templata | CWE-79 | 6.1 | - | 2025-03-03 |
| CVE-2025-22801 | WordPress Free WooCommerce Theme 99fy Extension plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability | Free WooCommerce Theme 99fy Extension | CWE-79 | 6.5 | Medium | 2025-01-09 |
| CVE-2024-51682 | WordPress HT Builder – WordPress Theme Builder for Elementor plugin <= 1.3.0 - Stored Cross Site Scripting (XSS) vulnerability | HT Builder – WordPress Theme Builder for Elementor | CWE-79 | 6.5 | Medium | 2024-11-04 |
| CVE-2024-35699 | WordPress HT Feed plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability | HT Feed | CWE-79 | 6.5 | Medium | 2024-06-08 |
| CVE-2024-34767 | WordPress ShopLentor plugin <= 2.8.7 - Cross Site Scripting (XSS) vulnerability | ShopLentor | CWE-79 | 6.5 | Medium | 2024-06-03 |
| CVE-2023-37999 | WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability | HT Mega | CWE-269 | 9.8 | Critical | 2024-05-17 |
| CVE-2024-29926 | WordPress WC Builder plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability | WC Builder | CWE-79 | 6.5 | Medium | 2024-03-27 |
| CVE-2024-29094 | WordPress HT Easy GA4 plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | HT Easy GA4 ( Google Analytics 4 ) | CWE-79 | 7.1 | High | 2024-03-19 |
| CVE-2024-29102 | WordPress Extensions For CF7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability | Extensions For CF7 | CWE-79 | 7.1 | High | 2024-03-19 |
| CVE-2023-51529 | WordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) | HT Mega – Absolute Addons For Elementor | CWE-352 | 4.3 | Medium | 2024-02-29 |
| CVE-2023-50901 | WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS) | HT Mega – Absolute Addons For Elementor | CWE-79 | 7.1 | High | 2023-12-29 |
| CVE-2023-51372 | WordPress HashBar – WordPress Notification Bar Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS) | HashBar – WordPress Notification Bar | CWE-79 | 5.9 | Medium | 2023-12-29 |
| CVE-2022-47172 | WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) | ShopLentor | CWE-352 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-23791 | WordPress HT Menu Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | HT Menu | CWE-352 | 4.3 | Medium | 2023-07-11 |
| CVE-2023-23803 | WordPress JustTables – WooCommerce Product Table Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) | JustTables | CWE-352 | 4.3 | Medium | 2023-07-11 |
| CVE-2023-23792 | WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF) | Swatchly | CWE-352 | 4.3 | Medium | 2023-07-11 |
| CVE-2023-23804 | WordPress HT Feed Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF) | HT Feed | CWE-352 | 4.3 | Medium | 2023-07-10 |
| CVE-2023-23802 | WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) | HT Easy GA4 ( Google Analytics 4 ) | CWE-352 | 4.3 | Medium | 2023-06-15 |
| CVE-2023-23801 | WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) | Really Simple Google Tag Manager | CWE-352 | 4.3 | Medium | 2023-04-06 |
| CVE-2022-46798 | WordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF) | ShopLentor | CWE-352 | 5.4 | Medium | 2023-03-01 |
| CVE-2023-23899 | WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | CWE-352 | 4.3 | Medium | 2023-02-17 |

This page lists every published CVE security advisory associated with hasthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.