cleantalk
Vulnerabilities and Security Researches

HT Mega – Absolute Addons For Elementor, CVE-2026-4106

CVE, Research URL

CVE-2026-4106

Home page URL

Security reports for HT Mega – Absolute Addons For Elementor

Application

HT Mega – Absolute Addons For Elementor

Published on
Apr 23, 2026
Research Description
The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days
Affected versions
max 3.0.7.
Status
vulnerable
Previous vulnerability researches
Conditional CAPTCHA (4cd087bd24cdab80b96787bcbaf20433abe5f6b0) , Jun 06, 2024
Conditional CAPTCHA (CVE-2026-1369) , Apr 25, 2026
New vulnerability
Qubely – Advanced Gutenberg Blocks (CVE-2025-58663) , Apr 25, 2026
WooCommerce Additional Fees On Checkout (Free) (CVE-2025-57903) , Apr 25, 2026
Save as PDF plugin by Pdfcrowd (CVE-2025-59552) , Apr 25, 2026
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2026-5488) , Apr 25, 2026
Responsive Lightbox & Gallery (CVE-2025-5093) , Apr 25, 2026