Ht mega
This hub aggregates every CVE we track for Ht mega, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
31
CVEs tracked
1
Critical
4
High
0
In CISA KEV
Severity distribution
MEDIUM26HIGH4CRITICAL1
Monthly trend
1
0
1
0
0
0
0
2
2
0
0
0
3
1
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Ht mega.
- CVE-2025-54695WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability5.4
- CVE-2025-8068HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions4.3
- CVE-2025-8151HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions4.3
- CVE-2025-8401HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure4.3
- CVE-2025-1802HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets6.4
- CVE-2025-1261HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget6.4
- CVE-2024-12599HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget7.2
- CVE-2024-12597HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css6.4
- CVE-2024-8910HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id4.3
- CVE-2024-38706WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability6.5
- CVE-2024-5215HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets6.4
- CVE-2024-5173HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings6.4
- CVE-2024-4876HT Mega – Absolute Addons For Elementor <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-4875HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update4.3
- CVE-2023-37999WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability9.8
Product normalization is registry-driven with AI assist and human review. How it works