Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HT Plugins — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting HT Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HT Plugins develops WordPress extensions to enhance website functionality, with a history of security vulnerabilities including multiple remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. Their plugins have accumulated 10 CVEs, often stemming from insufficient input validation and improper access controls. Notable incidents include a 2021 RCE vulnerability in a popular contact form plugin that allowed attackers to execute arbitrary code on affected servers. Security researchers have consistently identified similar patterns across their product line, underscoring persistent weaknesses in sanitization and authentication mechanisms. Despite patches, older versions remain vulnerable, posing ongoing risks to unpatched installations.

Top products by HT Plugins: HT Contact Form 7 Extensions For CF7 HT Mega – Absolute Addons for WPBakery Page Builder WishSuite HT Team Member HT Slider For Elementor HT Feed
CVE IDTitleCVSSSeverityPublished
CVE-2026-24991 WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability — Extensions For CF7CWE-639 5.3 Medium2026-02-03
CVE-2025-60147 WordPress HT Feed Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability — HT FeedCWE-79 6.5 Medium2025-09-26
CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability — HT Mega – Absolute Addons for WPBakery Page BuilderCWE-79 6.5 Medium2025-09-22
CVE-2025-54015 WordPress HT Contact Form 7 plugin <= 2.0.0 - Local File Inclusion Vulnerability — HT Contact Form 7CWE-98 6.6 Medium2025-07-16
CVE-2025-53206 WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability — HT Mega – Absolute Addons for WPBakery Page BuilderCWE-79 6.5 Medium2025-06-27
CVE-2025-53199 WordPress HT Slider For Elementor plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability — HT Slider For ElementorCWE-79 6.5 Medium2025-06-27
CVE-2025-49309 WordPress HT Team Member plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability — HT Team MemberCWE-79 6.5 Medium2025-06-06
CVE-2025-30820 WordPress WishSuite plugin <= 1.4.4 - Local File Inclusion Vulnerability — WishSuiteCWE-98 7.5 High2025-03-27
CVE-2025-24726 WordPress Contact Form 7 Widget plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability — HT Contact Form 7CWE-79 6.5 Medium2025-01-24
CVE-2025-24695 WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability — Extensions For CF7CWE-918 4.4 Medium2025-01-24

This page lists every published CVE security advisory associated with HT Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.