EUVD-2026-25196
GHSA-fjqg-327f-q6hw
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionNVD
The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days
Analysis
The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Arbitrary file upload in Breeze Cache for WordPress allows unauthenticated remote attackers to upload malicious files an
Stored XSS vulnerability in Check & Log Email WordPress plugin before version 2.0.13 allows authenticated users with low
Authenticated attackers with Subscriber-level privileges can escalate to Administrator role in Highland Software Custom
The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Esca
Remote code execution in Drag and Drop File Upload for Contact Form 7 plugin (≤1.1.3) allows unauthenticated attackers t
Share
External POC / Exploit Code
Leaving vuln.today