Unrated severityNVD Advisory· Published Sep 25, 2024· Updated Apr 8, 2026

HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id

CVE-2024-8910

Description

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Affected products

Hasthemes/Ht Megallm-fuzzy
Range: <=2.6.5
devitemsllc/HT Mega Addons for Elementor – Elementor Widgets & Template Builderv5
Range: 0
WordPress/Ht Megawp-canonicalize

Patches

r3156058

https://plugins.svn.wordpress.org/ht-mega-for-elementorvia osv

commit

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000