htplugins — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting htplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

htplugins develops WordPress plugins for website functionality, with 11 CVEs recorded. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. Security assessments reveal inconsistent sanitization practices and inadequate authentication mechanisms in several plugins. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities across multiple products suggests systemic security weaknesses. The high concentration of CVEs indicates a need for improved secure coding practices and regular security audits to mitigate risks for end users relying on these extensions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1888 | Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | Docus – YouTube Video Playlist | CWE-79 | 6.4 | Medium | 2026-02-06 |
| CVE-2025-13838 | WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute | WishSuite – Wishlist for WooCommerce | CWE-79 | 6.4 | Medium | 2025-12-21 |
| CVE-2025-14278 | HT Slider for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | HT Slider For Elementor | CWE-79 | 6.4 | Medium | 2025-12-13 |
| CVE-2025-12112 | Insert Headers and Footers Code – HT Script <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting | Insert Headers and Footers Code – HT Script | CWE-79 | 6.4 | Medium | 2025-11-08 |
| CVE-2025-7645 | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | CWE-22 | 8.1 | High | 2025-07-22 |
| CVE-2025-7360 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move | HT Contact Form – Drag & Drop Form Builder for WordPress | CWE-22 | 9.1 | Critical | 2025-07-15 |
| CVE-2025-7340 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload | HT Contact Form – Drag & Drop Form Builder for WordPress | CWE-434 | 9.8 | Critical | 2025-07-15 |
| CVE-2025-7341 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion | HT Contact Form – Drag & Drop Form Builder for WordPress | CWE-269 | 9.1 | Critical | 2025-07-15 |
| CVE-2025-2779 | Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | Insert Headers and Footers Code – HT Script | CWE-862 | 6.5 | Medium | 2025-04-02 |
| CVE-2024-10223 | HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode | WP Team – WordPress Team Member Plugin | CWE-79 | 6.4 | Medium | 2024-10-30 |
| CVE-2024-1176 | HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update | HT Easy GA4 – Google Analytics WordPress Plugin | CWE-862 | 5.3 | Medium | 2024-03-13 |

This page lists every published CVE security advisory associated with htplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.