CVE-2021-24261: HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS
First published: Wed May 05 2021(Updated: )
The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HT Mega - Absolute Addons for Elementor Page Builder | <1.5.7 | |
| WordPress HT Mega | <1.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2021-24261.
What is the severity of CVE-2021-24261?
The severity of CVE-2021-24261 is medium.
What is the affected software?
The affected software is the “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7.
What is the vulnerability type for CVE-2021-24261?
The vulnerability type for CVE-2021-24261 is stored Cross-Site Scripting (XSS).
How can I fix CVE-2021-24261?
To fix CVE-2021-24261, update to version 1.5.7 or later of the “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/author
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/hasthemes
- canonical/ht mega - absolute addons for elementor page builder
- canonical/wordpress ht mega