CVE Tools

devitemsllc

Web & CMS Pluginscommercial

20

Cumulative CVEs

2

Monthly snapshots

#83

Peak rank

Top products

ht mega addons for elementor – elementor widgets & template builder10 shoplentor – all-in-one woocommerce growth & store enhancement plugin5

Latest CVEs

The 15 most recently published vulnerabilities affecting devitemsllc.

CVE-2026-6287ShopLentor - WooCommerce Builder for Elementor & Gutenberg <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Product Grid 'blockUniqId' Block Attribute5.4May 27, 2026
CVE-2026-4059ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute6.4Apr 14, 2026
CVE-2026-1714ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action8.6Feb 18, 2026
CVE-2025-13141HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection6.4Nov 21, 2025
CVE-2025-12493ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template'9.8Nov 4, 2025
CVE-2025-11823ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode6.4Oct 25, 2025
CVE-2025-8068HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions4.3Jul 31, 2025
CVE-2025-8401HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure4.3Jul 31, 2025
CVE-2025-8151HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions4.3Jul 31, 2025
CVE-2025-3775ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter6.5Apr 25, 2025
CVE-2025-1802HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets6.4Mar 20, 2025
CVE-2025-1527ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module6.4Mar 12, 2025
CVE-2025-1261HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget6.4Mar 8, 2025
CVE-2024-12599HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget7.2Feb 11, 2025
CVE-2024-12597HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css6.4Feb 4, 2025