HT Mega

DevItems

Developer

3.0.0

Latest version

80,000

Installations

5 days ago

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

28 fixed

5 Mitigation rules

Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions vulnerability
<= 2.9.1
Jul 31, 2025
Authenticated (Author+) Sensitive Information Exposure vulnerability
<= 2.9.1
Jul 31, 2025
Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions vulnerability
<= 2.9.1
Jul 31, 2025
Broken Access Control Vulnerability
<= 2.9.0
Jul 30, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
<= 2.8.3
Mar 20, 2025
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget vulnerability
<= 2.8.2
Mar 8, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
<= 2.8.1
Feb 10, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css vulnerability
<= 2.7.6
Feb 3, 2025
Authenticated (Contributor+) Sensitive Information Exposure via template_id vulnerability
<= 2.6.5
Sep 25, 2024
JSON Path Traversal vulnerability
<= 2.5.7
Jul 11, 2024
Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability
<= 2.5.5
Jun 26, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.5.2
May 21, 2024
Missing Authorization to Options Update vulnerability
<= 2.5.2
May 21, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget vulnerability
<= 2.5.0
May 8, 2024
Sensitive Data Exposure vulnerability
<= 2.4.7
Apr 22, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion/FAQ vulnerability
<= 2.4.8
Apr 17, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.4.6
Apr 17, 2024
Sensitive Information Exposure via purchased_products vulnerability
<= 2.4.6
Apr 17, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.4.9
Apr 17, 2024
Cross Site Scripting (XSS) vulnerability
<= 2.4.3
Mar 25, 2024
Authenticated (Contributor+) Directory Traversal vulnerability
<= 2.4.6
Mar 14, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag vulnerability
<= 2.4.6
Mar 12, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget vulnerability
<= 2.4.4
Mar 12, 2024
Cross Site Request Forgery (CSRF) vulnerability
<= 2.3.3
Dec 27, 2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 2.3.8
Dec 26, 2023
Unauthenticated Privilege Escalation vulnerability
<= 2.2.0
Jul 14, 2023
SQL injection (SQLi) vulnerability
<= 1.6.9
Dec 20, 2021
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
<= 1.5.5
Apr 13, 2021