N/A
2026-04-24< 3.0.7
HT Mega Addons for Elementor – Elementor Widgets & Template Builder < 3.0.7 - Unauthenticated Information Exposure
HT Mega Addons for Elementor – Elementor Widgets & Template Builder
Minimum safe version
3.0.7
Update to 3.0.7 or later to address 34 fixable vulnerabilities
Latest available3.0.10 ✓
Medium 6.4
2025-11-21< 3.0.1
CVE-2025-13141
Medium 5.4
2025-08-14< 2.9.1
CVE-2025-54695
Medium 4.3
2025-07-31< 2.9.2
HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure
Medium 4.3
2025-07-31< 2.9.2
HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions
Medium 4.3
2025-07-31< 2.9.2
HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions
Medium 6.4
2025-03-20< 2.8.4
HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Medium 6.4
2025-03-08< 2.8.3
HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget
Medium 6.4
2025-02-11< 2.8.2
CVE-2024-12599
Medium 6.4
2025-02-04< 2.7.7
CVE-2024-12597
Medium 4.3
2024-09-25< 2.6.6
CVE-2024-8910
Medium 6.5
2024-07-12< 2.5.8
CVE-2024-38706
Medium 5.4
2024-06-26< 2.5.6
CVE-2024-5215
Medium 5.4
2024-06-26< 2.5.6
CVE-2024-5173
Medium 5.4
2024-05-21< 2.5.3
CVE-2024-4876
Medium 4.3
2024-05-21< 2.5.3
CVE-2024-4875
Medium 5.4
2024-05-09< 2.5.1
CVE-2024-3989
Medium 5.4
2024-05-09< 2.5.1
CVE-2024-3990
Medium 4.3
2024-04-24< 2.4.8
CVE-2024-32782
Medium 5.4
2024-05-02< 2.4.9
CVE-2024-2790
Medium 5.4
2024-05-02< 2.5.0
CVE-2024-3307
Medium 5.4
2024-05-02< 2.4.7
CVE-2024-2085
Medium 5.4
2024-05-02< 2.5.0
CVE-2024-3308
Medium 5.4
2024-05-02< 2.4.7
CVE-2024-2084
High 7.5
2024-05-02< 2.4.7
CVE-2023-6214
Medium 6.5
2024-03-27< 2.4.4
CVE-2024-30182
Medium 6.5
2024-05-23< 2.4.7
HT Mega – Absolute Addons For Elementor <= 2.4.5 - Authenticated (Contributor+) Directory Traversal
Medium 5.4
2024-03-12< 2.4.7
CVE-2024-1397
Medium 5.4
2024-03-12< 2.4.5
CVE-2024-1421
High 7.1
2024-12-26< 2.3.9
WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS)
Medium 4.3
2024-12-27< 2.3.4
WordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF)
Critical 9.8
2024-05-17< 2.2.1
CVE-2023-37999
N/A
2021-12-20< 1.7.0
WordPress HT Mega plugin <= 1.6.9 - SQL injection (SQLi) vulnerability
Medium 5.4
2021-05-05< 1.5.7
CVE-2021-24261