Vulnerabilities and security researches forht-event ht-event

Apr 19, 2025

CVE, Research URL: CVE-2025-24624
Home page URL: Security reports for HT Event – WordPress Event Manager Plugin for Elementor
Application: HT Event – WordPress Event Manager Plugin for Elementor
Date: Apr 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech HT Event allows Reflected XSS. This issue affects HT Event: from n/a through 1.4.6.
Affected versions: Min -, max -.
Status: vulnerable

Feb 01, 2025

CVE, Research URL: CVE-2024-13216
Home page URL: Security reports for HT Event – WordPress Event Manager Plugin for Elementor
Application: HT Event – WordPress Event Manager Plugin for Elementor
Date: Jan 31, 2025
Research Description: The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-0496
Home page URL: Security reports for HT Event – WordPress Event Manager Plugin for Elementor
Application: HT Event – WordPress Event Manager Plugin for Elementor
Date: Mar 27, 2023
Research Description: The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Affected versions: Min -, max -.
Status: vulnerable