Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

htplugins — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting htplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by htplugins:HT Contact Form – Drag & Drop Form Builder for WordPressInsert Headers and Footers Code – HT ScriptHT Easy GA4 – Google Analytics WordPress PluginWP Team – WordPress Team Member PluginExtensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)HT Slider For ElementorWishSuite – Wishlist for WooCommerceDocus – YouTube Video Playlist
CVE IDTitleCVSSSeverityPublished
CVE-2026-1888 Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Docus – YouTube Video PlaylistCWE-79 6.4 Medium2026-02-06
CVE-2025-13838 WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute — WishSuite – Wishlist for WooCommerceCWE-79 6.4 Medium2025-12-21
CVE-2025-14278 HT Slider for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — HT Slider For ElementorCWE-79 6.4 Medium2025-12-13
CVE-2025-12112 Insert Headers and Footers Code – HT Script <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting — Insert Headers and Footers Code – HT ScriptCWE-79 6.4 Medium2025-11-08
CVE-2025-7645 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion — Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)CWE-22 8.1 High2025-07-22
CVE-2025-7360 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move — HT Contact Form – Drag & Drop Form Builder for WordPressCWE-22 9.1 Critical2025-07-15
CVE-2025-7340 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload — HT Contact Form – Drag & Drop Form Builder for WordPressCWE-434 9.8 Critical2025-07-15
CVE-2025-7341 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion — HT Contact Form – Drag & Drop Form Builder for WordPressCWE-269 9.1 Critical2025-07-15
CVE-2025-2779 Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update — Insert Headers and Footers Code – HT ScriptCWE-862 6.5 Medium2025-04-02
CVE-2024-10223 HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode — WP Team – WordPress Team Member PluginCWE-79 6.4 Medium2024-10-30
CVE-2024-1176 HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update — HT Easy GA4 – Google Analytics WordPress PluginCWE-862 5.3 Medium2024-03-13

This page lists every published CVE security advisory associated with htplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.