📦 Ht Mega

This vulnerability allows unauthenticated attackers to escalate privileges in the HT Mega WordPress plugin. Attackers can gain administrative access to affected WordPress sites without requiring any c...

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the HT Mega plugin's Countdown widget. The scripts are stor...

The HT Mega plugin for WordPress exposes sensitive order data including customer PII through an unauthenticated API endpoint. This affects all WordPress sites using HT Mega plugin versions up to 2.4.6...

This vulnerability in the HT Mega plugin for WordPress allows authenticated attackers with contributor-level access or higher to perform directory traversal attacks. They can read arbitrary files on t...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the HT Mega plugin for WordPress Elementor. When users visit a specially crafted URL, the script executes in...

The HT Mega plugin for WordPress has an information disclosure vulnerability that allows authenticated users with Author-level permissions or higher to access private, password-protected, and draft co...

This vulnerability in the HT Mega WordPress plugin allows authenticated users with Contributor-level access or higher to delete arbitrary files and move posts/pages/templates to trash due to improper ...

This stored XSS vulnerability in the HT Mega WordPress plugin allows authenticated attackers with Contributor access or higher to inject malicious scripts into website pages. When users visit compromi...

This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious scripts into WordPress pages using the HT Mega plugin's Countdown widget. The scripts exec...

The HT Mega plugin for WordPress exposes sensitive template data through a vulnerability in the accordion widget. Authenticated attackers with Contributor-level access or higher can extract private, p...

This path traversal vulnerability in the HT Mega WordPress plugin allows attackers to access files outside the intended directory by manipulating file paths. It affects all versions up to 2.5.7 of the...

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the HT Mega plugin's Video player widget. The scripts execu...

This stored XSS vulnerability in the HT Mega WordPress plugin allows authenticated attackers with contributor-level access or higher to inject malicious scripts into web pages. The scripts execute whe...

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the HT Mega plugin's Countdown widget. The scripts are stor...

This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to inject malicious scripts into web pages using the HT Mega plugin's widgets. The scripts execute ...