VYPR

Vendor CVEs

Hasthemes

All CVEs

74 total · sorted by risk
  • CVE-2025-24695MedJan 24, 2025
    risk 0.29cvss 4.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0.

  • CVE-2025-64271MedNov 13, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through <= 1.4.7.

  • CVE-2025-47468MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through <= 1.2.8.

  • CVE-2023-27456MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19.

  • CVE-2024-32782MedApr 24, 2024
    risk 0.28cvss 4.3epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.4.7.

  • CVE-2024-1771MedMar 6, 2024
    risk 0.28cvss 4.3epss 0.00

    The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-51529MedFeb 29, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.

  • CVE-2023-6327MedMay 14, 2024
    risk 0.27cvss 5.3epss 0.01

    The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to…

  • CVE-2024-4875MedMay 21, 2024
    risk 0.21cvss 4.3epss 0.01

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated…

  • CVE-2023-7067MedMay 2, 2024
    risk 0.21cvss 4.3epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all…

  • CVE-2023-37999May 17, 2024
    risk 0.04cvss epss 0.03

    Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.

  • CVE-2025-11823Oct 25, 2025
    risk 0.00cvss epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text' parameter in the 'wishsuite_button' shortcode in all versions up to, and including,…

  • CVE-2025-3775Apr 25, 2025
    risk 0.00cvss epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This…

  • CVE-2024-10802Nov 13, 2024
    risk 0.00cvss epss 0.01

    The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to…

  • CVE-2024-8910Sep 25, 2024
    risk 0.00cvss epss 0.00

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers,…

  • CVE-2024-34767Jun 3, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through 2.8.7.

  • CVE-2022-47172Jul 17, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.

  • CVE-2023-23802Jun 15, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.

  • CVE-2023-0498Mar 27, 2023
    risk 0.00cvss epss 0.00

    The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

  • CVE-2023-0504Mar 27, 2023
    risk 0.00cvss epss 0.00

    The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

  • CVE-2022-46798Mar 1, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.

  • CVE-2023-0232Feb 21, 2023
    risk 0.00cvss epss 0.03

    The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

  • CVE-2023-0231Feb 21, 2023
    risk 0.00cvss epss 0.01

    The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

  • CVE-2022-4650Jan 23, 2023
    risk 0.00cvss epss 0.01

    The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Page 2 of 2