Hasthemes

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-1397 1Hasthemes 1Ht Mega Apr 8, 2026 Mar 12, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and...Show more The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-51529 1Hasthemes 1Ht Mega Apr 28, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.
CVE-2023-51372 1Hasthemes 1Hashbar Apr 28, 2026 Dec 29, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification B...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1.Show less
CVE-2023-50901 1Hasthemes 1Ht Mega Apr 28, 2026 Dec 29, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons Fo...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8.Show less
CVE-2023-32962 1Hasthemes 1Wishsuite Nov 21, 2024 Aug 30, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions.
CVE-2022-47172 1Hasthemes 1Woolentor Woocommerce Elementor Addons + Builder Nov 21, 2024 Jul 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.
CVE-2023-23731 1Hasthemes 1Wishsuite Nov 21, 2024 Jul 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.
CVE-2023-23803 1Hasthemes 1Justtables Nov 21, 2024 Jul 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions.
CVE-2023-23791 1Hasthemes 1Ht Menu Nov 21, 2024 Jul 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions.
CVE-2023-23792 1Hasthemes 1Swatchly Nov 21, 2024 Jul 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.
CVE-2023-23804 1Hasthemes 1Ht Feed Nov 21, 2024 Jul 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions.
CVE-2023-23802 1Hasthemes 1Ht Easy Ga4 (google Analytics 4) Nov 21, 2024 Jun 15, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.
CVE-2023-23801 1Hasthemes 1Really Simple Google Tag Manager Nov 21, 2024 Apr 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions.
CVE-2023-1089 1Hasthemes 1Coupon Zen Feb 19, 2025 Mar 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-1088 1Hasthemes 1Wp Plugin Manager Feb 19, 2025 Mar 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-1087 1Hasthemes 1Wc Sales Notification Feb 19, 2025 Mar 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF att...Show more The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attackShow less
CVE-2023-1086 1Hasthemes 1Preview Link Generator Feb 19, 2025 Mar 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF at...Show more The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attackShow less
CVE-2023-0505 1Hasthemes 1Ever Compare Feb 19, 2025 Mar 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0504 1Hasthemes 1Ht Politic Feb 19, 2025 Mar 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0503 1Hasthemes 1Free Woocommerce Theme 99fy Extension Feb 19, 2025 Mar 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blo...Show more The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attackShow less

Previous 1 2 345 Next