CVE-2021-24261

CVE-2021-24261: HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS

Vendor Unknown

Product HT Mega – Absolute Addons for Elementor Page Builder

Weakness CWE-79 · XSS

Published May 5, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Key dates

02Disclosure timeline

May 5, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24261

Related vulnerabilities

04Related CVE

CVE-2025-36563 CVE-2024-32568 WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-2174 Cross-site Scripting (XSS) - Reflected in microweber/microweber CVE-2023-29094 WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.20 is vulnerable to Cross Site Scripting (XSS) CVE-2023-28174 WordPress eRocket Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)