CVE Tools

hasthemes

Web & CMS Pluginscommercial

49

Cumulative CVEs

7

Monthly snapshots

#79

Peak rank

Top products

ht mega3 download contact form 7 widget for elementor page builder \& gutenberg blocks3

Latest CVEs

The 15 most recently published vulnerabilities affecting hasthemes.

CVE-2025-68533WordPress WC Builder plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability6.5Dec 24, 2025
CVE-2025-14054WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute4.4Dec 21, 2025
CVE-2025-64271WordPress WP Plugin Manager plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability4.3Nov 13, 2025
CVE-2025-12493ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template'9.8Nov 4, 2025
CVE-2025-11823ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode6.4Oct 25, 2025
CVE-2025-58990WordPress ShopLentor Plugin <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability6.5Sep 9, 2025
CVE-2025-8068HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions4.3Jul 31, 2025
CVE-2025-8401HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure4.3Jul 31, 2025
CVE-2025-8151HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions4.3Jul 31, 2025
CVE-2025-7340HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload9.8Jul 15, 2025
CVE-2025-7360HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move9.1Jul 15, 2025
CVE-2025-7341HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion9.1Jul 15, 2025
CVE-2025-3775ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter6.5Apr 25, 2025
CVE-2025-2719Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update6.5Apr 10, 2025
CVE-2025-1802HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets6.4Mar 20, 2025