cleantalk
Vulnerabilities and Security Researches

HT Mega – Absolute Addons For Elementor, CVE-2024-4876

CVE, Research URL

CVE-2024-4876

Home page URL

Security reports for HT Mega – Absolute Addons For Elementor

Application

HT Mega – Absolute Addons For Elementor

Published on
May 21, 2024
Research Description
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.5.3.
Status
vulnerable
Previous vulnerability researches
HT Mega – Absolute Addons For Elementor (CVE-2025-1261) , Mar 09, 2025
HT Mega – Absolute Addons For Elementor (CVE-2024-8910) , Sep 26, 2024
HT Mega – Absolute Addons For Elementor (CVE-2024-12597) , Feb 04, 2025
HT Mega – Absolute Addons For Elementor (CVE-2024-38706) , Jul 14, 2024
HT Mega – Absolute Addons For Elementor (CVE-2021-24261) , Jun 07, 2024
New vulnerability
Google Map Targeting (CVE-2025-52732) , Aug 04, 2025
WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (CVE-2025-8152) , Aug 04, 2025
One Click Demo Import , Aug 04, 2025
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025