cleantalk
Vulnerabilities and Security Researches

HT Mega – Absolute Addons For Elementor, CVE-2025-1802

CVE, Research URL

CVE-2025-1802

Home page URL

Security reports for HT Mega – Absolute Addons For Elementor

Application

HT Mega – Absolute Addons For Elementor

Published on
Mar 20, 2025
Research Description
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', and 'stt_button_text' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.3.
Affected versions
Min -, max 2.8.4.
Status
vulnerable
Previous vulnerability researches
HT Mega – Absolute Addons For Elementor (CVE-2025-1261) , Mar 09, 2025
HT Mega – Absolute Addons For Elementor (CVE-2024-8910) , Sep 26, 2024
HT Mega – Absolute Addons For Elementor (CVE-2024-12597) , Feb 04, 2025
HT Mega – Absolute Addons For Elementor (CVE-2024-38706) , Jul 14, 2024
HT Mega – Absolute Addons For Elementor (CVE-2021-24261) , Jun 07, 2024
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025