Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

devitemsllc — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting devitemsllc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Devitemsllc operates as a software development entity, primarily providing digital assets and components for web applications. Security audits reveal a concerning pattern of forty-three recorded Common Vulnerabilities and Exposures (CVEs), indicating systemic issues in their development lifecycle. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, suggesting inadequate input validation and sanitization protocols. Additionally, instances of broken access control and privilege escalation highlight significant flaws in authentication and authorization mechanisms. These technical deficiencies pose substantial risks to downstream clients relying on devitemsllc’s integrated solutions. While no single catastrophic data breach has been publicly attributed solely to the company, the high volume of critical flaws necessitates rigorous third-party security assessments. Organizations utilizing these components must implement strict sandboxing and continuous monitoring to mitigate the inherent risks associated with the identified attack vectors.

Top products by devitemsllc: HT Mega Addons for Elementor – Elementor Widgets & Template Builder ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin HT Event – WordPress Event Manager Plugin for Elementor
CVE IDTitleCVSSSeverityPublished
CVE-2026-4059 ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-79 6.4 Medium2026-04-14
CVE-2026-1714 ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-93 8.6 High2026-02-18
CVE-2025-13141 HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2025-11-21
CVE-2025-12493 ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template' — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-22 9.8 Critical2025-11-04
CVE-2025-11823 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-80 6.4 Medium2025-10-25
CVE-2025-8401 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-285 4.3 Medium2025-07-31
CVE-2025-8068 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-863 4.3 Medium2025-07-31
CVE-2025-8151 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-22 4.3 Medium2025-07-31
CVE-2025-3775 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-918 6.5 Medium2025-04-25
CVE-2025-1802 HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2025-03-20
CVE-2025-1527 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-79 6.4 Medium2025-03-12
CVE-2025-1261 HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2025-03-08
CVE-2024-12599 HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2025-02-11
CVE-2024-12597 HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2025-02-04
CVE-2024-13216 HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor — HT Event – WordPress Event Manager Plugin for ElementorCWE-359 4.3 Medium2025-01-31
CVE-2024-9538 ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-200 4.3 Medium2024-10-11
CVE-2024-8910 HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-1230 4.3 Medium2024-09-25
CVE-2024-8668 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-79 6.4 Medium2024-09-25
CVE-2024-5215 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2024-06-26
CVE-2024-5173 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2024-06-26
CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-79 6.4 Medium2024-06-11
CVE-2024-4876 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2024-05-21
CVE-2024-3345 ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-79 6.4 Medium2024-05-21
CVE-2024-4875 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-862 4.3 Medium2024-05-21
CVE-2024-4566 ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-862 7.1 High2024-05-21
CVE-2024-3990 HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2024-05-09
CVE-2023-6327 ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-862 5.3 Medium2024-05-09
CVE-2024-3989 HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2024-05-09
CVE-2024-3307 HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2024-05-02
CVE-2024-2084 HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget — HT Mega Addons for Elementor – Elementor Widgets & Template BuilderCWE-79 6.4 Medium2024-05-02

This page lists every published CVE security advisory associated with devitemsllc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.