Hasthemes Security Vulnerabilities (CVEs)
Track 39 security vulnerabilities affecting Hasthemes products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This stored cross-site scripting (XSS) vulnerability in the WC Builder WordPress plugin allows attackers to inject malicious scripts into web pages th...
Dec 24, 2025This CSRF vulnerability in HasThemes WP Plugin Manager allows attackers to trick authenticated WordPress administrators into performing unintended act...
Nov 13, 2025This vulnerability allows unauthenticated attackers to include and execute arbitrary PHP files on WordPress servers running the ShopLentor plugin. Att...
Nov 4, 2025This stored XSS vulnerability in the ShopLentor WooCommerce Builder plugin allows authenticated attackers with Contributor access or higher to inject ...
Oct 25, 2025This stored cross-site scripting (XSS) vulnerability in the ShopLentor WordPress plugin allows attackers to inject malicious scripts into web pages th...
Sep 9, 2025The HT Mega plugin for WordPress has an information disclosure vulnerability that allows authenticated users with Author-level permissions or higher t...
Jul 31, 2025This vulnerability in the HT Mega WordPress plugin allows authenticated users with Contributor-level access or higher to delete arbitrary files and mo...
Jul 31, 2025This vulnerability in the HT Contact Form WordPress plugin allows unauthenticated attackers to move arbitrary files on the server due to insufficient ...
Jul 15, 2025This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the HT Contact Form Widget plugin due to missin...
Jul 15, 2025This stored XSS vulnerability in the HT Mega WordPress plugin allows authenticated attackers with Contributor access or higher to inject malicious scr...
Mar 20, 2025This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious scripts into WordPress pages using the H...
Mar 8, 2025A reflected cross-site scripting (XSS) vulnerability in the WP Templata WordPress plugin allows attackers to inject malicious scripts into web pages. ...
Mar 3, 2025This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the HT Me...
Feb 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Education plugin for WordPress. When users view aff...
Oct 20, 2024The ShopLentor (WooLentor) WordPress plugin has an information disclosure vulnerability that allows authenticated attackers with Contributor-level acc...
Oct 11, 2024The HT Mega plugin for WordPress exposes sensitive template data through a vulnerability in the accordion widget. Authenticated attackers with Contrib...
Sep 25, 2024This path traversal vulnerability in the HT Mega WordPress plugin allows attackers to access files outside the intended directory by manipulating file...
Jul 12, 2024This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the HT Me...
Jun 26, 2024This vulnerability allows unauthenticated attackers to escalate privileges in the HT Mega WordPress plugin. Attackers can gain administrative access t...
May 17, 2024This stored XSS vulnerability in the HT Mega WordPress plugin allows authenticated attackers with contributor-level access or higher to inject malicio...
May 14, 2024The ShopLentor (formerly WooLentor) WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to view all produ...
May 14, 2024This stored XSS vulnerability in the ShopLentor WordPress plugin allows authenticated attackers with contributor-level access or higher to inject mali...
May 2, 2024This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the HT Me...
May 2, 2024This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to inject malicious scripts into web pages using ...
May 2, 2024The HT Mega plugin for WordPress exposes sensitive order data including customer PII through an unauthenticated API endpoint. This affects all WordPre...
May 2, 2024This vulnerability in the HT Mega plugin for WordPress allows authenticated attackers with contributor-level access or higher to perform directory tra...
Apr 9, 2024This stored cross-site scripting (XSS) vulnerability in the HT Easy GA4 WordPress plugin allows attackers to inject malicious scripts into web pages. ...
Mar 19, 2024This vulnerability allows attackers to inject malicious scripts into web pages generated by the Extensions For CF7 WordPress plugin. When users view a...
Mar 19, 2024This vulnerability allows attackers to inject malicious scripts into web pages generated by the HT Mega plugin for WordPress Elementor. When users vis...
Dec 29, 2023This vulnerability in the Ever Compare WordPress plugin allows attackers to trick logged-in administrators into activating arbitrary plugins via Cross...
Mar 27, 2023This vulnerability in the WC Sales Notification WordPress plugin allows attackers to trick logged-in administrators into activating arbitrary plugins ...
Mar 27, 2023This vulnerability in the Coupon Zen WordPress plugin allows attackers to trick logged-in administrators into activating arbitrary plugins via Cross-S...
Mar 27, 2023This CSRF vulnerability in Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin allows attackers to trick logged-in ad...
Mar 27, 2023This vulnerability in the HT Slider For Elementor WordPress plugin allows attackers to trick logged-in administrators into activating arbitrary plugin...
Mar 27, 2023This CSRF vulnerability in the HT Portfolio WordPress plugin allows attackers to trick logged-in administrators into activating arbitrary plugins on t...
Mar 27, 2023This CSRF vulnerability in the QuickSwish WordPress plugin allows attackers to trick logged-in administrators into activating arbitrary plugins on the...
Mar 27, 2023This CSRF vulnerability in the WP Insurance WordPress plugin allows attackers to trick logged-in administrators into activating arbitrary plugins on t...
Mar 27, 2023This vulnerability in the Free WooCommerce Theme 99fy Extension WordPress plugin allows attackers to trick logged-in administrators into activating ar...
Mar 27, 2023The ShopLentor (WooLentor) WordPress plugin before version 2.5.4 contains a PHP Object Injection vulnerability due to unsafe unserialization of user-c...
Feb 21, 2023Why Monitor Hasthemes Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 39+ known vulnerabilities affecting Hasthemes products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Hasthemes packages in under 60 seconds. No agents required - completely agentless scanning that works across Hasthemes deployments.
Free vulnerability database: Access detailed information about every Hasthemes CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Hasthemes CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
