Vulnerabilities > Hasthemes > HT Mega > 2.7.7

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2025-1802 Cross-site Scripting vulnerability in Hasthemes HT Mega
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', and 'stt_button_text' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping.
network
low complexity
hasthemes CWE-79
5.4
5.4
2025-03-08 CVE-2025-1261 Cross-site Scripting vulnerability in Hasthemes HT Mega
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
hasthemes CWE-79
5.4
5.4
2025-02-11 CVE-2024-12599 Cross-site Scripting vulnerability in Hasthemes HT Mega
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
hasthemes CWE-79
6.1
6.1