CVE-2025-8068

by Fred · 31/07/2025

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the ‘ajax_trash_templates’ function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary attachment files, and move arbitrary posts, pages, and templates to the Trash.

More information : https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.9.0/admin/include/class.theme-builder.php#L625

CVE-2025-8068

Similar

Recent Posts

Categories

CVE-2025-8068

Share this:

Similar

Recent Posts

Categories

Tags