The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Advisories
Source ID Title
EUVD EUVD EUVD-2024-49474 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00083}

epss

{'score': 0.00103}


Thu, 03 Oct 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Hasthemes ht Mega
CPEs cpe:2.3:a:hasthemes:ht_mega_-_absolute_addons_for_elementor_page_builder:*:*:*:*:*:wordpress:*:* cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*
Vendors & Products Hasthemes ht Mega - Absolute Addons For Elementor Page Builder
Hasthemes ht Mega

Wed, 02 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Hasthemes
Hasthemes ht Mega - Absolute Addons For Elementor Page Builder
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:hasthemes:ht_mega_-_absolute_addons_for_elementor_page_builder:*:*:*:*:*:wordpress:*:*
Vendors & Products Hasthemes
Hasthemes ht Mega - Absolute Addons For Elementor Page Builder

Wed, 25 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Sep 2024 07:00:00 +0000

Type Values Removed Values Added
Description The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Title HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id
Weaknesses CWE-1230
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-09-25T13:26:21.429Z

Reserved: 2024-09-16T20:19:07.057Z

Link: CVE-2024-8910

cve-icon Vulnrichment

Updated: 2024-09-25T13:26:17.814Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-25T07:15:04.123

Modified: 2024-10-03T17:34:27.913

Link: CVE-2024-8910

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.