← Back

Hasthemes

hasthemes

96 CVEs • 33 products

Products (33)

Click to collapse
Toggle
Ht Mega
ht_mega
30 CVEs
Shoplentor
shoplentor
19 CVEs
Woolentor Woocommerce Elementor Addons + Builder
woolentor_-_woocommerce_elementor_addons_+_builder
4 CVEs
Extensions For Cf7
extensions_for_cf7
3 CVEs
Wishsuite
wishsuite
3 CVEs
Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
download_contact_form_7_widget_for_elementor_page_builder_&_gutenberg_blocks
3 CVEs
Hashbar
hashbar
2 CVEs
Wp Education
wp_education
2 CVEs
Ht Politic
ht_politic
2 CVEs
Wp Plugin Manager
wp_plugin_manager
2 CVEs
Ht Easy Ga4 (google Analytics 4)
ht_easy_ga4_(google_analytics_4)
2 CVEs
Ht Feed
ht_feed
2 CVEs
Wc Builder
wc_builder
2 CVEs
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
contact_form_7_widget_for_elementor_page_builder_&_gutenberg_blocks
1 CVE
Ht Slider For Elementor
ht_slider_for_elementor
1 CVE
Ht Event
ht_event
1 CVE
Ht Portfolio
ht_portfolio
1 CVE
Quickswish
quickswish
1 CVE
Wp Film Studio
wp_film_studio
1 CVE
Wp Insurance
wp_insurance
1 CVE
Wp News
wp_news
1 CVE
Free Woocommerce Theme 99fy Extension
free_woocommerce_theme_99fy_extension
1 CVE
Ever Compare
ever_compare
1 CVE
Preview Link Generator
preview_link_generator
1 CVE
Wc Sales Notification
wc_sales_notification
1 CVE
Coupon Zen
coupon_zen
1 CVE
Really Simple Google Tag Manager
really_simple_google_tag_manager
1 CVE
Swatchly
swatchly
1 CVE
Ht Menu
ht_menu
1 CVE
Justtables
justtables
1 CVE
Ht Easy Ga4
ht_easy_ga4
1 CVE
Ht Builder
ht_builder
1 CVE
Wp Templata
wp_templata
1 CVE

CVEs (96)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-0502
1Hasthemes
1Wp News
Feb 19, 2025
Mar 27, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0501
1Hasthemes
1Wp Insurance
Feb 19, 2025
Mar 27, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0500
1Hasthemes
1Wp Film Studio
Feb 19, 2025
Mar 27, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0499
1Hasthemes
1Quickswish
Feb 19, 2025
Mar 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0498
1Hasthemes
1Wp Education
Feb 19, 2025
Mar 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0497
1Hasthemes
1Ht Portfolio
Feb 26, 2025
Mar 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0496
1Hasthemes
1Ht Event
Feb 14, 2025
Mar 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0495
1Hasthemes
1Ht Slider For Elementor
Feb 19, 2025
Mar 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF a...Show more
The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attackShow less
CVE-2023-0484
1Hasthemes
1Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Feb 19, 2025
Mar 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitr...Show more
The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attackShow less
CVE-2022-46798
1Hasthemes
1Woolentor Woocommerce Elementor Addons + Builder
Nov 21, 2024
Mar 1, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.
CVE-2023-0232
1Hasthemes
1Shoplentor
Mar 12, 2025
Feb 21, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.
CVE-2023-0231
1Hasthemes
1Shoplentor
Mar 12, 2025
Feb 21, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role a...Show more
The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2023-23899
1Hasthemes
1Extensions For Cf7
Nov 21, 2024
Feb 17, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.
CVE-2022-4650
1Hasthemes
1Hashbar
Apr 3, 2025
Jan 23, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVE-2021-24262
1Hasthemes
1Woolentor Woocommerce Elementor Addons + Builder
Nov 21, 2024
May 5, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a simila...Show more
The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.Show less
CVE-2021-24261
1Hasthemes
1Ht Mega
Nov 21, 2024
May 5, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all vi...Show more
The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.Show less