ByteOS Network

CVE-2026-42728

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.03% / 10.27%

||

7 Day CHG~0.00%

Published-27 May, 2026 | 09:49

Updated-27 May, 2026 | 11:16

WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through <= 2.8.2.

Vendor-HasTech IT Limited (HasThemes)

Product-HT Contact Form 7

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2026-24991

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-5.3||MEDIUM

EPSS-0.04% / 13.25%

||

7 Day CHG~0.00%

Published-03 Feb, 2026 | 14:08

Updated-28 Apr, 2026 | 16:14

WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through <= 3.4.0.

Vendor-HasTech IT Limited (HasThemes)

Product-Extensions For CF7

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2025-60147

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.03% / 9.04%

||

7 Day CHG~0.00%

Published-26 Sep, 2025 | 08:31

Updated-28 Apr, 2026 | 16:13

WordPress HT Feed Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Feed ht-instagram allows Stored XSS.This issue affects HT Feed: from n/a through <= 1.3.0.

Vendor-HasTech IT Limited (HasThemes)

Product-HT Feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-53463

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.03% / 9.84%

||

7 Day CHG~0.00%

Published-22 Sep, 2025 | 18:25

Updated-28 Apr, 2026 | 16:13

WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through <= 1.0.9.

Vendor-HasTech IT Limited (HasThemes)

Product-HT Mega – Absolute Addons for WPBakery Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-54015

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.6||MEDIUM

EPSS-0.50% / 66.31%

||

7 Day CHG~0.00%

Published-16 Jul, 2025 | 10:36

Updated-28 Apr, 2026 | 16:13

WordPress HT Contact Form 7 plugin <= 2.0.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows PHP Local File Inclusion.This issue affects HT Contact Form 7: from n/a through <= 2.0.0.

Vendor-HasTech IT Limited (HasThemes)

Product-HT Contact Form 7

CWE ID-CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2025-53206

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 34.30%

||

7 Day CHG~0.00%

Published-27 Jun, 2025 | 13:21

Updated-28 Apr, 2026 | 16:13

WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows Stored XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through <= 1.0.8.

Vendor-HasTech IT Limited (HasThemes)

Product-HT Mega – Absolute Addons for WPBakery Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-53199

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 34.30%

||

7 Day CHG~0.00%

Published-27 Jun, 2025 | 13:20

Updated-28 Apr, 2026 | 16:13

WordPress HT Slider For Elementor plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Slider For Elementor ht-slider-for-elementor allows DOM-Based XSS.This issue affects HT Slider For Elementor: from n/a through <= 1.6.5.

Vendor-HasTech IT Limited (HasThemes)

Product-HT Slider For Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-49309

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 34.30%

||

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:53

Updated-28 Apr, 2026 | 16:13

WordPress HT Team Member plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Team Member ht-team-member allows Stored XSS.This issue affects HT Team Member: from n/a through <= 1.1.7.

Vendor-HasTech IT Limited (HasThemes)

Product-HT Team Member

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30820

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.5||HIGH

EPSS-1.65% / 82.29%

||

7 Day CHG~0.00%

Published-27 Mar, 2025 | 10:55

Updated-28 Apr, 2026 | 16:11

WordPress WishSuite plugin <= 1.4.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins WishSuite wishsuite allows PHP Local File Inclusion.This issue affects WishSuite: from n/a through <= 1.4.4.

Vendor-HasTech IT Limited (HasThemes)

Product-WishSuite

CWE ID-CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2025-24726

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 30.07%

||

7 Day CHG~0.00%

Published-24 Jan, 2025 | 17:25

Updated-28 Apr, 2026 | 16:11

WordPress Contact Form 7 Widget plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through <= 1.2.1.

Vendor-HasTech IT Limited (HasThemes)

Product-HT Contact Form 7

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-24695

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-4.4||MEDIUM

EPSS-0.05% / 16.80%

||

7 Day CHG~0.00%

Published-24 Jan, 2025 | 17:24

Updated-11 May, 2026 | 23:16

WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0.

Vendor-HasTech IT Limited (HasThemes)

Product-extensions_for_cf7 Extensions For CF7

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

HT Plugins

Source -

BOS Name -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -